0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2025-01-10 00:20:34 -05:00
Beyond coding. We forge.
Find a file
Gusted fe3b294f7b
[GITEA] rework long-term authentication
- The current architecture is inherently insecure, because you can
construct the 'secret' cookie value with values that are available in
the database. Thus provides zero protection when a database is
dumped/leaked.
- This patch implements a new architecture that's inspired from: [Paragonie Initiative](https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#secure-remember-me-cookies).
- Integration testing is added to ensure the new mechanism works.
- Removes a setting, because it's not used anymore.

(cherry picked from commit eff097448b)

[GITEA] rework long-term authentication (squash) add migration

Reminder: the migration is run via integration tests as explained
in the commit "[DB] run all Forgejo migrations in integration tests"

(cherry picked from commit 4accf7443c)
(cherry picked from commit 99d06e344ebc3b50bafb2ac4473dd95f057d1ddc)
(cherry picked from commit d8bc98a8f0)
(cherry picked from commit 6404845df9)
(cherry picked from commit 72bdd4f3b9)
(cherry picked from commit 4b01bb0ce8)
(cherry picked from commit c26ac31816)
(cherry picked from commit 8d2dab94a6)

Conflicts:
	routers/web/auth/auth.go
	https://codeberg.org/forgejo/forgejo/issues/2158
2024-01-16 14:14:46 +00:00
.devcontainer
.forgejo [CI] Forgejo Actions based release process (squash) no ownca 2023-12-28 17:27:34 +01:00
.gitea [WORKFLOW] yaml issue templates 2023-11-13 12:33:49 +01:00
.github Fix Docker meta action for releases (#28232) (#28395) 2023-12-08 13:41:16 +01:00
assets [GITEA] Use maintained gziphandler 2024-01-16 14:09:55 +00:00
build [I18N] Add Locale merger script (squash) abort on NOOP 2023-11-28 17:52:11 +01:00
cmd fixed duplicate attachments on dump on windows (#28019) (#28031) 2023-11-22 17:11:57 +01:00
contrib [BRANDING] parse FORGEJO__* in the container environment 2023-11-13 14:00:15 +01:00
custom/conf Refactor CORS handler (#28587) (#28611) 2024-01-16 14:08:38 +00:00
docker [BRANDING] cosmetic s/Gitea/Forgejo/ in logs, messages, etc. 2023-11-13 13:58:17 +01:00
docs Improve 1.21 document for Database Preparation (#28643) (#28644) 2024-01-16 14:11:02 +00:00
models [GITEA] rework long-term authentication 2024-01-16 14:14:46 +00:00
modules [GITEA] rework long-term authentication 2024-01-16 14:14:46 +00:00
options Only check online runner when detecting matching runners in workflows (#28286) (#28512) 2023-12-22 12:10:03 +01:00
public [BRANDING] security.txt 2023-11-13 14:01:11 +01:00
releases/images [DOCS] RELEASE-NOTES.md 2023-11-13 12:33:48 +01:00
routers [GITEA] rework long-term authentication 2024-01-16 14:14:46 +00:00
services [GITEA] rework long-term authentication 2024-01-16 14:14:46 +00:00
snap
templates Fix wrong due date rendering in issue list page (#28588) (#28591) 2024-01-16 14:07:46 +00:00
tests [GITEA] rework long-term authentication 2024-01-16 14:14:46 +00:00
web_src Fix flex container width (#28603) (#28605) 2024-01-16 14:07:46 +00:00
.air.toml
.changelog.yml Adapt .changelog.yml to new labeling system (#27701) (#27702) 2023-10-20 00:29:50 +02:00
.dockerignore
.editorconfig
.eslintrc.yaml Update JS and PY dependencies (#27501) (#27518) 2023-10-08 19:31:33 +02:00
.gitattributes [META] Use correct language for .tmpl 2023-11-13 12:33:48 +01:00
.gitignore [I18N] Makefile + gitignore 2023-11-13 13:57:47 +01:00
.gitpod.yml
.golangci.yml
.ignore
.markdownlint.yaml Enable markdownlint no-duplicate-header (#27500) (#27506) 2023-10-07 21:41:41 +08:00
.npmrc
.spectral.yaml
.stylelintrc.yaml
.yamllint.yaml fully replace drone with actions (#27556) (#27575) 2023-10-11 12:03:06 +00:00
BSDmakefile Fix build errors on BSD (in BSDMakefile) (#27594) (#27608) 2023-10-14 07:29:55 +00:00
build.go
CHANGELOG.md Add changelog for 1.21.3 (#28569) 2023-12-22 12:10:03 +01:00
CODEOWNERS [META] Add CODEOWNERS files 2023-11-13 12:33:49 +01:00
CONTRIBUTING.md [DOCS] CONTRIBUTING 2023-11-13 12:33:47 +01:00
DCO
Dockerfile [CI] Forgejo Actions based release process (squash) gitea to forgejo 2023-11-13 13:58:18 +01:00
Dockerfile.rootless [CI] Forgejo Actions based release process (squash) gitea to forgejo 2023-11-13 13:58:18 +01:00
go.mod [GITEA] Use maintained gziphandler 2024-01-16 14:09:55 +00:00
go.sum [GITEA] Use maintained gziphandler 2024-01-16 14:09:55 +00:00
LICENSE [DOCS] LICENSE: add Forgejo Authors 2023-11-13 12:33:48 +01:00
main.go [BRANDING] alias {FORGEJO,GITEA}_{CUSTOM,WORK_DIR} 2023-11-13 13:58:18 +01:00
MAINTAINERS Apply lng2020 to maintainers (#27068) 2023-09-14 12:10:12 +08:00
Makefile [SEMVER] 6.0.3+0-gitea-1.21.3 2023-12-22 11:56:45 +01:00
package-lock.json Fix the scroll behavior for emoji/mention list (#28597) (#28601) 2024-01-16 14:07:46 +00:00
package.json Revert "[GITEA] Downgrade @github/combobox-nav" 2024-01-16 13:37:29 +00:00
playwright.config.js
poetry.lock Update JS and PY dependencies (#27501) (#27518) 2023-10-08 19:31:33 +02:00
poetry.toml
pyproject.toml [BRANDING] cosmetic s/Gitea/Forgejo/ in logs, messages, etc. 2023-11-13 13:58:17 +01:00
README.md [BRANDING] add Forgejo logo 2023-11-13 13:58:17 +01:00
RELEASE-NOTES.md [DOCS] RELEASE-NOTES.md 2023-11-13 12:33:48 +01:00
vitest.config.js Use vitest globals (#27102) (#27311) 2023-09-27 16:10:08 +02:00
webpack.config.js [API] Forgejo API /api/forgejo/v1 2023-11-13 12:33:48 +01:00

Welcome to Forgejo

Hi there! Tired of big platforms playing monopoly? Providing Git hosting for your project, friends, company or community? Forgejo (/for'd͡ʒe.jo/ inspired by forĝejo the Esperanto word for forge) has you covered with its intuitive interface, light and easy hosting and a lot of builtin functionality.

Forgejo was created in 2022 because we think that the project should be owned by an independent community. If you second that, then Forgejo is for you! Our promise: Independent Free/Libre Software forever!

What does Forgejo offer?

If you like any of the following, Forgejo is literally meant for you:

  • Lightweight: Forgejo can easily be hosted on nearly every machine. Running on a Raspberry? Small cloud instance? No problem!
  • Project management: Besides Git hosting, Forgejo offers issues, pull requests, wikis, kanban boards and much more to coordinate with your team.
  • Publishing: Have something to share? Use releases to host your software for download, or use the package registry to publish it for docker, npm and many other package managers.
  • Customizable: Want to change your look? Change some settings? There are many config switches to make Forgejo work exactly like you want.
  • Powerful: Organizations & team permissions, CI integration, Code Search, LDAP, OAuth and much more. If you have advanced needs, Forgejo has you covered.
  • Privacy: From update checker to default settings: Forgejo is built to be privacy first for you and your crew.
  • Federation: (WIP) We are actively working to connect software forges with each other through ActivityPub, and create a collaborative network of personal instances.

Learn more

Dive into the documentation, subscribe to releases and blog post on our website, find us on the Fediverse or hop into our Matrix room if you have any questions or want to get involved.

Get involved

If you are interested in making Forgejo better, either by reporting a bug or by changing the governance, please take a look at the contribution guide.