0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2024-12-22 15:23:14 -05:00
Commit graph

15635 commits

Author SHA1 Message Date
Earl Warren
3fbcdd235b
[DOCS] RELEASE-NOTES: 1.20.0-0-rc0 2023-06-10 11:49:41 +02:00
Gusted
f43e9fc4fd [MOBILE] Improve mobile experience (#812)
- Add `stackable` to `very relaxed` pages, such they don't take extra
margins from the space.
- Add margin bottom to the user item in the navbar, so it doesn't look
like crammed.
- Make the migrate page usable, by reducing three to two cards in a row
and making the icon smaller.

Co-authored-by: Gusted <postmaster@gusted.xyz>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/812
2023-06-06 19:14:26 +00:00
Earl Warren
7adaafa760 Merge pull request 'auth LinkAccount test coverage' (#803) from earl-warren/forgejo:wip-linkaccount into forgejo-development
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/803
2023-06-05 17:56:10 +00:00
Earl Warren
34212791ee
use backticks to avoid backslash 2023-06-05 18:42:17 +02:00
Earl Warren
e11dcc60f2
[TESTS] auth LinkAccount test coverage 2023-06-05 18:31:07 +02:00
Earl Warren
c1d14c5fff
[TESTS] createUser via the user model helper for integration tests 2023-06-05 18:31:07 +02:00
Earl Warren
6623630d10
[TESTS] testMiddlewareHook, dependency injection in integration tests 2023-06-05 18:31:07 +02:00
Gusted
c240b34f59
[DB] Forgejo database migrations
- Implements https://codeberg.org/forgejo/discussions/issues/32#issuecomment-918737
- Allows to add Forgejo-specific migrations that don't interfere with Gitea's migration logic. Please do note that we cannot liberally add migrations for Gitea tables, as they might do their own migrations in a future version on that table, and that could undo our migrations. Luckily,  we don't have a scenario where that's needed and thus not taken into account.

Co-authored-by: Gusted <postmaster@gusted.xyz>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/795
(cherry picked from commit 8ee32978c0)
2023-06-05 16:34:16 +02:00
Loïc Dachary
7426c1edb4
[SECURITY] default to pbkdf2 with 320,000 iterations
(cherry picked from commit 3ea0b287d7)
(cherry picked from commit db8392a8ac)
(cherry picked from commit bd2a5fa292)
(cherry picked from commit 2436acb3d9)
(cherry picked from commit 62f50e1c52)
(cherry picked from commit dba1892521)
(cherry picked from commit 4b58e3b6d4)
(cherry picked from commit 1247056856)
(cherry picked from commit afbaea7009)
(cherry picked from commit dcd4813d96)
(cherry picked from commit b51dc963d1)
(cherry picked from commit 611e895efd)
(cherry picked from commit fd492a03f5)
(cherry picked from commit 2c99991f44)
2023-06-05 16:33:37 +02:00
Earl Warren
2edac36701
[API] Forgejo API /api/forgejo/v1
(cherry picked from commit 20b5669269)
(cherry picked from commit 1574643a6a)

Update semantic version according to specification

(cherry picked from commit 22510f4130)

Mise à jour de 'Makefile'

(cherry picked from commit c3d85d8409)
(cherry picked from commit 5ea2309851)
(cherry picked from commit ec5217b9d1)
(cherry picked from commit 14f08e364b)
(cherry picked from commit b4465c67b8)

[API] [SEMVER] replace number with version

(cherry picked from commit fba48e6497)
(cherry picked from commit 532ec5d878)

[API] [SEMVER] [v1.20] less is replaced by css

(cherry picked from commit 01ca3a4f42)
(cherry picked from commit 1d928c3ab2)
(cherry picked from commit a39dc804cd)

Conflicts:
	webpack.config.js
(cherry picked from commit adc68578b3)
(cherry picked from commit 9b8d98475f)
(cherry picked from commit 2516103974)
(cherry picked from commit 18e6287963)
(cherry picked from commit e9694e67ab)
(cherry picked from commit a9763edaf0)
(cherry picked from commit e2b550f4fb)
2023-06-05 16:33:37 +02:00
Percy Ma
f0bc5decfb
[DOCS] LICENSE: add Forgejo Authors
(cherry picked from commit 7c98a4c54e)
(cherry picked from commit 1ec4a8e6cf)
(cherry picked from commit 79de60a5d8)
(cherry picked from commit e7fbfb34a9)
(cherry picked from commit 7f625d25a3)
(cherry picked from commit 9341e18427)
(cherry picked from commit a03e449c01)
(cherry picked from commit b4c7140bec)
(cherry picked from commit 685c9d4a87)
(cherry picked from commit 48b3594a7d)
(cherry picked from commit 8eefd84d38)
(cherry picked from commit d42f1028eb)
(cherry picked from commit 3bb7f7ed51)
(cherry picked from commit ac109696e7)
(cherry picked from commit d39713efb4)
2023-06-05 16:33:37 +02:00
Loïc Dachary
0803eaa2e3
[DOCS] RELEASE-NOTES.md
(cherry picked from commit b07123ee7b)
(cherry picked from commit ca85c880b4)
(cherry picked from commit 723ead94cb)
(cherry picked from commit ff148318da)

[DOCS] RELEASE-NOTES: 1.19.0

(cherry picked from commit e84e43887b)

[DOCS] RELEASE-NOTES: add scoped access tokens

(cherry picked from commit 688f831853)

[DOCS] RELEASE-NOTES: Scoped labels

(cherry picked from commit 747479a07b)

[DOCS] RELEASE-NOTES: OIDC groups

(cherry picked from commit 10c505fe89)

[DOCS] RELEASE-NOTES: Copy Link is broken

On firefox it fails with Uncaught TypeError: navigator.clipboard is
   undefined
On chromium it fails with Uncaught TypeError: Cannot read properties of undefined (reading 'writeText')

(cherry picked from commit 148b2ff093)

[DOCS] RELEASE-NOTES: Copy citation

(cherry picked from commit d0f217735f)

[DOCS] RELEASE-NOTES: Support org/user level projects

(cherry picked from commit de845c7bcf)

[DOCS] RELEASE-NOTES: v1.19 has a documentation

(cherry picked from commit 9a5b46da32)

[DOCS] RELEASE-NOTES: do not split webhook section

(cherry picked from commit 00ed020321)

[DOCS] RELEASE-NOTES: Incoming emails

(cherry picked from commit 06c455b33b)

[DOCS] RELEASE-NOTES: secrets are an implementation detail

(cherry picked from commit 8236dc3a57)

[DOCS] RELEASE-NOTES: Prohibit fork if user reached maximum

(cherry picked from commit 0f80b8c696)

[DOCS] RELEASE-NOTES: scoped tokens: do not duplicate the docs

(cherry picked from commit 9bc4793c07)

[DOCS] RELEASE-NOTES: rss feed for tags and releases

(cherry picked from commit 599b36fada)

[DOCS] RELEASE-NOTES: protected branches wildcard

(cherry picked from commit 2b316c4950)

[DOCS] RELEASE-NOTES: disable releases

(cherry picked from commit 9a60773f1d)

[DOCS] RELEASE-NOTES: review box

(cherry picked from commit 09867dd122)

[DOCS] RELEASE-NOTES: asciicast support

(cherry picked from commit ea9658379b)

[DOCS] RELEASE-NOTES: attention blocks

(cherry picked from commit 70b387750b)

[DOCS] RELEASE-NOTES: commit cross reference

(cherry picked from commit fe706dad13)

[DOCS] RELEASE-NOTES: strip user completion border case

(cherry picked from commit 33ca51b4b6)

[DOCS] RELEASE-NOTES: card preview

(cherry picked from commit 626cd78ca6)

[DOCS] RELEASE-NOTES: raw copy button

(cherry picked from commit edfb467d64)

[DOCS] RELEASE-NOTES: allow edits by maintainers by default

(cherry picked from commit 7006405bc6)

[DOCS] RELEASE-NOTES: database auto migration is a little arcane

(cherry picked from commit 78030fa9af)

[DOCS] RELEASE-NOTES: fix typos & minor rewording

(cherry picked from commit ae1d47f656)
(cherry picked from commit ad08ca9955)

[DOCS] RELEASE-NOTES: webhook authorization header

(cherry picked from commit c35e2c4f6f)

[DOCS] RELEASE-NOTES: video element in markdown

(cherry picked from commit bcb0bd51d2)

[DOCS] RELEASE-NOTES: move scoped labels to the documentation

(cherry picked from commit c5eedaf4f3)

[DOCS] RELEASE-NOTES: cosmetic improvements

(cherry picked from commit b93df350d9)

[DOCS] RELEASE-NOTES: 1.19.0-0 is really : 1.19.0-2

(cherry picked from commit 60d770c2c9)

[DOCS] RELEASE-NOTES: relevant repositories

(cherry picked from commit de6ed5b87f)
(cherry picked from commit 71d91fdf22)

[DOCS] RELEASE-NOTES: semantic version

(cherry picked from commit af062d77f0)

[DOCS] RELEASE-NOTES: reflogs

(cherry picked from commit 084713d8aa)
(cherry picked from commit 90ad322a56)

[DOCS] RELEASE-NOTES: fix broken link to OIDC mapping

(cherry picked from commit 802a252eb5)

[DOCS] RELEASE-NOTES: Fix spaces

(cherry picked from commit a605d36ab6)

[DOCS] RELEASE-NOTES: SemVer

(cherry picked from commit 7b29c90035)
(cherry picked from commit 82799195c9)
(cherry picked from commit 5d9c2e9ec6)

[DOCS] RELEASE-NOTES: 1.19.0-3

(cherry picked from commit c599b2947d)
(cherry picked from commit 8a37027ae7)

[DOCS] RELEASE-NOTES: v1.19.1-0

(cherry picked from commit 89b9e96cc7)
(cherry picked from commit 2b4e881a4e)

[DOCS] RELEASE-NOTES: 1.19.2-0

(cherry picked from commit 0c0d2ec46c)
(cherry picked from commit 437b8caae4)

[DOCS] RELEASE-NOTES: 1.19.3-0

(cherry picked from commit 040740917e)

[DOCS] RELEASE-NOTES: 1.19.3-0 (fix typo)

(cherry picked from commit 24516cb22a)
(cherry picked from commit 429c8e6525)
(cherry picked from commit 8247bddb45)
(cherry picked from commit d77d7b7be7)
(cherry picked from commit a64c899b1d)
2023-06-05 16:33:37 +02:00
Loïc Dachary
54ece82417
[WORKFLOW] issues & pr templates
(cherry picked from commit 9dd224f00c)
(cherry picked from commit 710af007bc)
(cherry picked from commit 2ccd6e2bd6)
(cherry picked from commit b90dc5fc4f)
(cherry picked from commit bf25d98a98)
(cherry picked from commit d7c71e5985)

[WORKFLOW] Add Forgejo Next and reproducing to issue template

(cherry picked from commit 17a3988fe0)
(cherry picked from commit 9ee5b3a619)
(cherry picked from commit bebdd8d5f3)
(cherry picked from commit be7bb96d5c)
(cherry picked from commit 4ae659d63a)
(cherry picked from commit 82426f376d)
(cherry picked from commit 1cb28e3671)
(cherry picked from commit c6a2db94c4)
(cherry picked from commit 90d3eb2d13)
(cherry picked from commit 3c3e656f58)
2023-06-05 16:33:37 +02:00
Loïc Dachary
e66b8edbc6
[DOCS] README
(cherry picked from commit a47b474586)
(cherry picked from commit 2fcc61c1d9)
(cherry picked from commit 67debe2247)
(cherry picked from commit b90ffbb309)
(cherry picked from commit 07a7448148)
(cherry picked from commit a7fe270c08)
(cherry picked from commit 2f15389a9c)
(cherry picked from commit 16ba587f5d)
(cherry picked from commit 683a23b2ca)
(cherry picked from commit 3e5de3f656)
(cherry picked from commit 5789005c43)
(cherry picked from commit 75c0f11079)
(cherry picked from commit e78a272e11)
(cherry picked from commit 464a534a3a)
(cherry picked from commit 7c0b73ca6f)
2023-06-05 16:33:37 +02:00
Loïc Dachary
7757a5c34c
[DOCS] CONTRIBUTING
Refs: https://codeberg.org/forgejo/forgejo/issues/8
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/153
Refs: https://codeberg.org/forgejo/forgejo/issues/123
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/299
(cherry picked from commit 08dcef0c8c)

[DOCS] CONTRIBUTING/RELEASE: https://forgejo.org/docs/admin

Because the version is not displayed on the landing page of Forgejo,
there cannot be a link to a versionned documentation. There must exist
a link that points to the latest version on the website for the
forgejo instance to display.

Better but more complicated approaches could be to:

* Embed the documentation in Forgejo
* Allow the admin to not display the help
* Allow the admin to display a versionned help or not

(cherry picked from commit 83cc389239)
(cherry picked from commit 5df52b8a4f)
(cherry picked from commit 9a66b3d70b)

[DOCS] CONTRIBUTING/RELEASE: reminder to update FORGEJO_VERSION

(cherry picked from commit 2a4d0bd164)
(cherry picked from commit d68576ba67)

[DOCS] CONTRIBUTING: updates

* Remove obsolete description of the well being & moderation team and
  replace them with a link to the moderation email.

* Remove description of the governance process and replace with a link
  to the governance readme that did not exist at the time.

* Add links to the Forgejo documentation

(cherry picked from commit df749da272)
(cherry picked from commit 4da39128c5)
(cherry picked from commit f442ca6f40)
(cherry picked from commit 031928c447)
(cherry picked from commit 1e6ba47216)
(cherry picked from commit 8916a1f8c6)
(cherry picked from commit 663e28c412)
(cherry picked from commit d56b130baa)

[DOCS] CONTRIBUTING (squash)

(cherry picked from commit 0dc4b6e5c9)
(cherry picked from commit 52f2163807)
(cherry picked from commit 47d0ae3e10)
2023-06-05 16:33:37 +02:00
Loïc Dachary
c41ba7a148
delete Gitea specific files that need rewriting for Forgejo
Although it would be possible to modify these files, it would create
conflicts when rebasing. Instead, this commit removes them entirely
and another commit can start from scratch, borrowing content from the
original files.

The drawback of this approach is that some content updates from Gitea
that also need updating in Forgejo will have to be copy/pasted
instead of being merged.

(cherry picked from commit eb85782115)
(cherry picked from commit 34401f2004)
(cherry picked from commit ef43b1c691)
(cherry picked from commit d17fe25e2f)
(cherry picked from commit 3f65dea3e7)
(cherry picked from commit 3cacb64a1b)
(cherry picked from commit b531b014b7)
(cherry picked from commit adf6e7a840)
(cherry picked from commit 68c19d977d)
(cherry picked from commit 31aa8647ec)
(cherry picked from commit be70dd7208)
(cherry picked from commit 7f44bb60b1)
(cherry picked from commit 5098f1224b)
(cherry picked from commit dc7a859144)
(cherry picked from commit f1e78dd006)
2023-06-05 16:33:37 +02:00
Loïc Dachary
be59270696
[CI] Forgejo Actions implementation .forgejo/workflows
(cherry picked from commit 8b11cab677)
2023-06-05 15:38:11 +02:00
Earl Warren
d7c09d9cc8
[CI] Forgejo Actions workflows
(cherry picked from commit 3ff59b5379)
(cherry picked from commit 8af826a6f7)
2023-06-05 15:38:11 +02:00
Earl Warren
5d02454155
[CI] remove GitHub workflows
(cherry picked from commit f9d75d4705)
(cherry picked from commit 64f76f4ab2)
2023-06-05 15:38:11 +02:00
Earl Warren
79bbbe2dd2
[CI] disable minio test, no minio server yet in CI
(cherry picked from commit 0dd74d09d3)
(cherry picked from commit 28d2d9b212)
(cherry picked from commit 3c3db1ff0f)
2023-06-05 15:38:11 +02:00
Earl Warren
9247594970
[CI] disable redis test, no redis server yet in CI
(cherry picked from commit e1bbfa3619)
(cherry picked from commit 91245ca917)
(cherry picked from commit 705d0558be)
2023-06-05 15:38:11 +02:00
Loïc Dachary
a74d7ce6c5
[CI] tests/pgsql.ini.tmpl: do not use minio
f92e0a4018 added minio to the tests/pgsql.ini.tmpl and Forgejo CI does
not run a minio server. It will if there are external storage related
changes at some point but it is not the case now so it is not worth
the burden.

(cherry picked from commit 4cfbf4718d)
(cherry picked from commit 9bd644d601)
(cherry picked from commit 604636c7c4)
(cherry picked from commit 341cdb8540)
(cherry picked from commit 57bdc91de5)
(cherry picked from commit c6ec6517b4)
(cherry picked from commit 2f03fc1b29)
(cherry picked from commit aaecd10966)
(cherry picked from commit 7025ff7b06)
(cherry picked from commit 15e6485ae1)
(cherry picked from commit 5f7b23c659)
2023-06-05 15:38:11 +02:00
Loïc Dachary
818c7f4ca9
[CI] set PASSWORD_HASH_ALGO = argon2 for integration tests
(cherry picked from commit 1d7ce2a39c)
(cherry picked from commit 3af8757583)
(cherry picked from commit 0b81815209)
(cherry picked from commit 7180a3222a)
(cherry picked from commit 069044f4a6)
(cherry picked from commit dd1438f389)
(cherry picked from commit 4ae6b5d64d)
(cherry picked from commit c572666d78)
(cherry picked from commit de0a4480bc)
(cherry picked from commit 60272ef4f7)
(cherry picked from commit a68fdde4be)
(cherry picked from commit ff448cf3a6)
(cherry picked from commit 208498caaa)
(cherry picked from commit 1abd3efad8)
2023-06-05 15:38:11 +02:00
Loïc Dachary
86bf362a3c
[CI] implementation: forgejo container images
(cherry picked from commit dd1971d4e6)
(cherry picked from commit 3981dbaf8c)
(cherry picked from commit 8dff3cc2d1)
(cherry picked from commit e7673e5d22)
(cherry picked from commit 326174064b)
(cherry picked from commit eb769dbde4)
(cherry picked from commit 335829ade2)
(cherry picked from commit 5e8e4f549d)

Conflicts:
	Dockerfile
	Dockerfile.rootless
(cherry picked from commit b777fc91d0)
(cherry picked from commit 02cda642ec)
(cherry picked from commit 96ef93f3bc)
(cherry picked from commit aa424551f2)

Conflicts:
	Dockerfile
	Dockerfile.rootless
(cherry picked from commit e54fa86e49)
(cherry picked from commit 043fa6d664)
(cherry picked from commit 805b162480)
2023-06-05 15:38:11 +02:00
Loïc Dachary
b570eca0b9
[CI] implementation: Woodpecker based CI
(cherry picked from commit c2a7aaeee8)
(cherry picked from commit 6b6007fbce)
(cherry picked from commit 63608a221e)
(cherry picked from commit 5cfe60baa7)
(cherry picked from commit 2af4c73d12)
(cherry picked from commit 1985959bfe)
(cherry picked from commit 880424c77e)
(cherry picked from commit c78a861d1b)
(cherry picked from commit 25c1227011)
(cherry picked from commit 7195e894ee)
(cherry picked from commit cf15153873)
(cherry picked from commit 9bee773c95)
(cherry picked from commit 581c3060da)
(cherry picked from commit bf550f9b2c)
2023-06-05 15:38:11 +02:00
Loïc Dachary
83646119fb
[CI] implementation: publish forgejo- binaries instead of gitea-
(cherry picked from commit 6d910daafb)
(cherry picked from commit d447861cc9)
(cherry picked from commit dc6e9d8799)
(cherry picked from commit ef232fa20c)
(cherry picked from commit 290c55517a)
(cherry picked from commit db48af1784)
(cherry picked from commit 85f33237a2)
(cherry picked from commit 76899ee33e)
(cherry picked from commit 148b3ee9cb)
(cherry picked from commit 1f6ad8f465)
(cherry picked from commit c330afdba3)
(cherry picked from commit b1f87075a7)
(cherry picked from commit 7da40992cc)
(cherry picked from commit 7ab19ff5e5)
(cherry picked from commit e61e44921b)
2023-06-05 15:38:11 +02:00
Wim
62ac3251fa
Remove stars when repo goes private (#19904)
Fixes #18600
2023-06-05 13:25:43 +00:00
wxiaoguang
8e63373c01
Use correct selector for hiding RSS icon link in the branch selector dropdown (#25080)
Fix  #25079


![image](https://github.com/go-gitea/gitea/assets/2114189/5d3f2f49-018a-4b75-8c90-ffafd898697a)


![image](https://github.com/go-gitea/gitea/assets/2114189/3e9dcf2e-eca7-4e96-be79-3b26f222cdb9)


![image](https://github.com/go-gitea/gitea/assets/2114189/855fffa4-0220-4ca2-a5e0-58c376fdc378)


![image](https://github.com/go-gitea/gitea/assets/2114189/f5ffa7e6-a974-4698-a45d-e38091903be1)
2023-06-05 12:34:25 +00:00
Lunny Xiao
315124b469
Fix parallelly generating index failure with Mysql (#24567) 2023-06-05 10:33:47 +00:00
Lunny Xiao
3d1fda737b
Use git command instead of the ini package to remove the origin remote (#25066) 2023-06-05 18:05:31 +08:00
Lunny Xiao
d851bd9a6b
improve permission documentation (#23942) 2023-06-05 15:43:17 +08:00
Lunny Xiao
11598885b3
Use RepositoryList instead of []*Repository (#25074) 2023-06-05 15:25:47 +08:00
Denys Konovalov
ca35dec18b
Add ability to set multiple redirect URIs in OAuth application UI (#25072)
OAuth applications can already have multiple redirect URIs if
created/edited over API.

This change allows for setting multiple redirect URIs through the UI as
a comma-separated list (e. g.
`https://example.org/redirect,https://redirect.example.org`)

<details>
<summary>Screenshots</summary>

![Bildschirmfoto vom 2023-06-04
17-14-40](https://github.com/go-gitea/gitea/assets/47871822/2206dc32-e7e4-4953-9ecb-e098890b3f54)
![Bildschirmfoto vom 2023-06-04
17-14-50](https://github.com/go-gitea/gitea/assets/47871822/cd97c73c-9310-44ee-a83a-b927a1ef94da)

</details>

Closes #25068
2023-06-05 15:00:12 +08:00
JakobDev
7d192cb674
Add Progressbar to Milestone Page (#25050)
This is adds the progress bar, which is already on the Milestone List,
also to the Page of a Single Milestone.


![grafik](https://github.com/go-gitea/gitea/assets/15185051/24e0fa28-369b-4bb9-807a-ee823b46ba81)

---------

Co-authored-by: silverwind <me@silverwind.io>
2023-06-05 14:25:46 +08:00
GiteaBot
d63d8108b4 [skip ci] Updated licenses and gitignores 2023-06-05 00:27:49 +00:00
Jack Hay
18de83b2a3
Redesign Scoped Access Tokens (#24767)
## Changes
- Adds the following high level access scopes, each with `read` and
`write` levels:
    - `activitypub`
    - `admin` (hidden if user is not a site admin)
    - `misc`
    - `notification`
    - `organization`
    - `package`
    - `issue`
    - `repository`
    - `user`
- Adds new middleware function `tokenRequiresScopes()` in addition to
`reqToken()`
  -  `tokenRequiresScopes()` is used for each high-level api section
- _if_ a scoped token is present, checks that the required scope is
included based on the section and HTTP method
  - `reqToken()` is used for individual routes
- checks that required authentication is present (but does not check
scope levels as this will already have been handled by
`tokenRequiresScopes()`
- Adds migration to convert old scoped access tokens to the new set of
scopes
- Updates the user interface for scope selection

### User interface example
<img width="903" alt="Screen Shot 2023-05-31 at 1 56 55 PM"
src="https://github.com/go-gitea/gitea/assets/23248839/654766ec-2143-4f59-9037-3b51600e32f3">
<img width="917" alt="Screen Shot 2023-05-31 at 1 56 43 PM"
src="https://github.com/go-gitea/gitea/assets/23248839/1ad64081-012c-4a73-b393-66b30352654c">

## tokenRequiresScopes  Design Decision
- `tokenRequiresScopes()` was added to more reliably cover api routes.
For an incoming request, this function uses the given scope category
(say `AccessTokenScopeCategoryOrganization`) and the HTTP method (say
`DELETE`) and verifies that any scoped tokens in use include
`delete:organization`.
- `reqToken()` is used to enforce auth for individual routes that
require it. If a scoped token is not present for a request,
`tokenRequiresScopes()` will not return an error

## TODO
- [x] Alphabetize scope categories
- [x] Change 'public repos only' to a radio button (private vs public).
Also expand this to organizations
- [X] Disable token creation if no scopes selected. Alternatively, show
warning
- [x] `reqToken()` is missing from many `POST/DELETE` routes in the api.
`tokenRequiresScopes()` only checks that a given token has the correct
scope, `reqToken()` must be used to check that a token (or some other
auth) is present.
   -  _This should be addressed in this PR_
- [x] The migration should be reviewed very carefully in order to
minimize access changes to existing user tokens.
   - _This should be addressed in this PR_
- [x] Link to api to swagger documentation, clarify what
read/write/delete levels correspond to
- [x] Review cases where more than one scope is needed as this directly
deviates from the api definition.
   - _This should be addressed in this PR_
   - For example: 
   ```go
	m.Group("/users/{username}/orgs", func() {
		m.Get("", reqToken(), org.ListUserOrgs)
		m.Get("/{org}/permissions", reqToken(), org.GetUserOrgsPermissions)
}, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryUser,
auth_model.AccessTokenScopeCategoryOrganization),
context_service.UserAssignmentAPI())
   ```

## Future improvements
- [ ] Add required scopes to swagger documentation
- [ ] Redesign `reqToken()` to be opt-out rather than opt-in
- [ ] Subdivide scopes like `repository`
- [ ] Once a token is created, if it has no scopes, we should display
text instead of an empty bullet point
- [ ] If the 'public repos only' option is selected, should read
categories be selected by default

Closes #24501
Closes #24799

Co-authored-by: Jonathan Tran <jon@allspice.io>
Co-authored-by: Kyle D <kdumontnu@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
2023-06-04 20:57:16 +02:00
wxiaoguang
520eb57d76
Use a separate admin page to show global stats, remove actions stat (#25062)
Before, Gitea shows the database table stats on the `admin dashboard`
page.

It has some problems:

* `count(*)` is quite heavy. If tables have many records, this blocks
loading the admin page blocks for a long time
* Some users had even reported issues that they can't visit their admin
page because this page causes blocking or `50x error (reverse proxy
timeout)`
* The `actions` stat is not useful. The table is simply too large. Does
it really matter if it contains 1,000,000 rows or 9,999,999 rows?
* The translation `admin.dashboard.statistic_info` is difficult to
maintain.

So, this PR uses a separate page to show the stats and removes the
`actions` stat.


![image](https://github.com/go-gitea/gitea/assets/2114189/babf7c61-b93b-4a62-bfaa-22983636427e)

## ⚠️ BREAKING

The `actions` Prometheus metrics collector has been removed for the
reasons mentioned beforehand.
Please do not rely on its output anymore.
2023-06-03 22:03:41 +08:00
Yarden Shoham
4486dd39e7
Remove cancel button from branch protection form (#25063)
It caused bugs. To cancel, just navigate away.

- Follows #21381 and #21872
- Resolves #25038 

## Before

![image](https://github.com/go-gitea/gitea/assets/20454870/068c8d96-fc50-4725-8af2-d953e9f39024)

## After

![image](https://github.com/go-gitea/gitea/assets/20454870/105d5c50-e490-456a-a253-269b174c09ab)

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
2023-06-03 20:06:09 +08:00
Denys Konovalov
7d855efb1f
Allow for PKCE flow without client secret + add docs (#25033)
The PKCE flow according to [RFC
7636](https://datatracker.ietf.org/doc/html/rfc7636) allows for secure
authorization without the requirement to provide a client secret for the
OAuth app.

It is implemented in Gitea since #5378 (v1.8.0), however without being
able to omit client secret.
Since #21316 Gitea supports setting client type at OAuth app
registration.

As public clients are already forced to use PKCE since #21316, in this
PR the client secret check is being skipped if a public client is
detected. As Gitea seems to implement PKCE authorization correctly
according to the spec, this would allow for PKCE flow without providing
a client secret.

Also add some docs for it, please check language as I'm not a native
English speaker.

Closes #17107
Closes #25047
2023-06-03 05:59:28 +02:00
kodermho
7fca4056c4
Fix link to customizing-gitea (#25056)
The link to customizing-gitea in the label documentation is broken. This
PR should adjust the relative path to fix the link
2023-06-03 04:27:40 +02:00
6543
af3deb0b30
GitLab migration: Sanitize response for reaction list (#25054) 2023-06-02 20:35:50 +00:00
Tyrone Yeh
b6d8d695da
Add up and down arrows to selected lookup repositories (#24727)
Use up and down arrow key to select repositories


![image](https://github.com/go-gitea/gitea/assets/1255041/3f3bce64-86d9-4b37-994b-3d129ebf48d9)

---------

Co-authored-by: silverwind <me@silverwind.io>
2023-06-02 18:39:07 +00:00
Kyle D
72eedfb915
Show file tree by default (#25052)
Feel free to close this if there isn't interest.

The tree view looks amazing, and all of our users are really enjoying it
(major kudos to developers!), but only IF I tell them it exists!

Essentially, the file tree view as it is effectively undiscoverable.  

This PR changes the default state for the tree view to open, which
should significantly help with discoverability.

An alternative could be to reserve more horizontal space, as a typical
accordion panel would look (eg. VS Code), eg.

![image](https://github.com/go-gitea/gitea/assets/12700993/505ea40c-42b1-4111-b306-48e51e8e2130)
2023-06-02 23:39:01 +08:00
wxiaoguang
e3897148f9
Minor UI improvements: logo alignment, auth map editor, auth name display (#25043)
Some minor UI improvements together (then no need to review 3 small PRs)

# The Map for auth sources

Close #24826

Now the LDAP and OAuth2 both have multiple line editor for the map (and
it can be resized by the handler)

<details>


![image](https://github.com/go-gitea/gitea/assets/2114189/7eed1618-0d71-4df2-84bd-ca20a06c02db)


![image](https://github.com/go-gitea/gitea/assets/2114189/a94dc6dc-0e3b-4185-bac1-8d16561b8e62)

</details>


# The account link display

Before, the UI is misaligned

This PR fixes the misalignment, remove "float right", and show the auth
source name and auth type (in the tooltip).

And the "active" color is changed from dark red to primary color.

Before:

<details>


![image](https://github.com/go-gitea/gitea/assets/2114189/3bb4a8f2-2f66-4d62-ac96-096f14aeb819)

</details>

After:

<details>


![image](https://github.com/go-gitea/gitea/assets/2114189/05ca46ae-7769-422d-a52a-b7402679cd05)

</details>

# The UI logo alignment

Changed file: `css/base.css`.

Before, there were some "fine tunes", these "fine tunes" only causes
misalignment.

<details>


![image](https://github.com/go-gitea/gitea/assets/2114189/395b03c2-6e8c-4742-abf9-8d548dab908d)

</details>

After this PR:

<details>


![image](https://github.com/go-gitea/gitea/assets/2114189/3339acdc-7391-45bc-b6ec-a5b3bc7830a6)


![image](https://github.com/go-gitea/gitea/assets/2114189/656a7bee-cdfb-4232-aee9-25b76cae8e00)

</details>
2023-06-02 18:02:20 +08:00
wxiaoguang
de4a21fcb4
Refactor INI package (first step) (#25024)
The INI package has many bugs and quirks, and in fact it is
unmaintained.

This PR is the first step for the INI package refactoring: 

* Use Gitea's "config_provider" to provide INI access
* Deprecate the INI package by golangci.yml rule
2023-06-02 17:27:30 +08:00
GiteaBot
7a5873335a [skip ci] Updated translations via Crowdin 2023-06-02 00:26:50 +00:00
silverwind
c5ede35124
Add button on diff header to copy file name, misc diff header tweaks (#24986)
1. Add this button:

<img width="232" alt="Screenshot 2023-05-29 at 15 21 47"
src="https://github.com/go-gitea/gitea/assets/115237/5eaf6bd1-83db-4ffc-9503-eda0c59807d2">
<img width="297" alt="Screenshot 2023-05-29 at 15 20 22"
src="https://github.com/go-gitea/gitea/assets/115237/708a344f-f6d7-4229-bfda-76e1571b42c8">

2. Correct `button-link` styles to not have a background hover effect.
3. Tweak `.ui.container` padding to be the same for fluid and non-fluid.

4. Misc enhancements to diff header:

Before:
<img width="984" alt="Screenshot 2023-05-29 at 15 38 53"
src="https://github.com/go-gitea/gitea/assets/115237/c7926f6a-bd0a-4b05-97ad-c91fc25c62d5">

After:
<img width="987" alt="Screenshot 2023-05-29 at 15 43 10"
src="https://github.com/go-gitea/gitea/assets/115237/0149f545-45f8-42cf-b443-e1c76bd5cdeb">
2023-06-01 10:47:28 +00:00
Lunny Xiao
5d23c885ed
Fix users cannot visit issue attachment bug (#25019)
Caused by #24362

Co-authored-by: Giteabot <teabot@gitea.io>
2023-05-31 19:06:17 +02:00
wxiaoguang
48bfea6705
Fix incorrect issuel filter menu style (#25018)
Before:

<details>


![image](https://github.com/go-gitea/gitea/assets/2114189/b67b3a83-ebe4-4dac-b4b2-de93401d7ab2)

</details>

After:

<details>


![image](https://github.com/go-gitea/gitea/assets/2114189/fbf34418-2ddf-4d47-82da-155823501d31)


![image](https://github.com/go-gitea/gitea/assets/2114189/1b275de3-8c16-4873-b056-0df430c882f0)

</details>
2023-05-31 12:44:28 +02:00
wxiaoguang
a90988d63f
Update repo's default branch when adding new files in an empty one (#25017)
Fix #25014

Only API needs this fix. On the Web UI, users could only add new file on
the default branch.
2023-05-31 17:07:51 +08:00