Commit graph

4143 commits

Author SHA1 Message Date
Michael Jerger
c4eb763f4a lint fix 2024-02-10 15:18:45 +01:00
Michael Jerger
9a9ac33766 lint fix 2024-02-10 15:18:44 +01:00
Michael Jerger
ca5eaa8c6b introduce FI Factory 2024-02-10 15:18:43 +01:00
Michael Jerger
dabd773f6b Fix error handling & add timestamp check 2024-02-10 15:18:43 +01:00
Clemens
7d30d14c76 breaking struct adjustment 2024-02-10 15:18:42 +01:00
Clemens
1f989f2ecd Added FederationInfo Create function 2024-02-10 15:18:41 +01:00
Michael Jerger
380d3db0bf integrate federation info in api call 2024-02-10 15:18:40 +01:00
Clemens
52400f7978 Added FederationInfo get methods for repository 2024-02-10 15:18:37 +01:00
Michael Jerger
bbccc24ed1 test federationinfo validation 2024-02-10 15:18:32 +01:00
Michael Jerger
c67be3b668 start work on federationinfo 2024-02-10 15:18:29 +01:00
Michael Jerger
8610d94af8 start work on federationinfo 2024-02-10 15:18:29 +01:00
Michael Jerger
6e46739090 validate person 2024-02-10 15:17:14 +01:00
Michael Jerger
0505baab2b ad validation for like activity 2024-02-10 15:17:13 +01:00
Michael Jerger
3ab2d9a449 rename star -> ForgeLike 2024-02-10 15:17:12 +01:00
Michael Jerger
4473fb788a start refactoring star->like 2024-02-10 15:17:11 +01:00
Michael Jerger
38438b592f rebase conflicts to fix 2024-02-10 15:17:10 +01:00
Michael Jerger
8116214727 introduce nodeinfo 2024-02-10 15:17:07 +01:00
bom
310d740cee Start NodeInfo implementation 2024-02-10 15:17:05 +01:00
Michael Jerger
3c2493902d adjust to ugly linting 2024-02-10 15:17:05 +01:00
Michael Jerger
e704e5adcc adjust to ugly linting 2024-02-10 15:17:04 +01:00
erik
1e40b814a1 Linting 2024-02-10 15:17:03 +01:00
erik
8585edc47a Linting 2024-02-10 15:17:03 +01:00
Michael Jerger
a64ce2feb1 removed resolved todos 2024-02-10 15:17:02 +01:00
erik
2e031a9763 WIP Generic IsValid for *Id structs 2024-02-10 15:17:01 +01:00
erik
e69e5df089 Assume validated url.URL for NewActorID 2024-02-10 15:17:00 +01:00
Michael Jerger
6e4467d49d experiment on generalization 2024-02-10 15:16:59 +01:00
erik
75cc5b900d Add review todo 2024-02-10 15:16:59 +01:00
erik
1dd3084f66 Split test according to actor.go 2024-02-10 15:16:58 +01:00
erik
c887bddb72 Attempt generalization of Id creation 2024-02-10 15:16:57 +01:00
erik
0378b2dc7d Add questions for review discussion 2024-02-10 15:16:36 +01:00
Michael Jerger
1704ac5bc2 fix most of the tests 2024-02-10 15:14:35 +01:00
Michael Jerger
e1d7db178c unify logging & minor improvements 2024-02-10 15:14:31 +01:00
Michael Jerger
3172eb69d2 introduce RepositoryId 2024-02-10 15:14:08 +01:00
Michael Jerger
1fe35e14a5 mv our actor code to forgefed 2024-02-10 15:14:07 +01:00
Michael Jerger
abdf56dde1 move forgefed to models 2024-02-10 15:14:06 +01:00
Michael Jerger
184388015d added more tests 2024-02-10 15:10:39 +01:00
Michael Jerger
b5a467e94d remove unused & implement webfinger 2024-02-10 15:10:38 +01:00
Michael Jerger
e8371ca94c ActorId -> PersonId 2024-02-10 15:10:37 +01:00
Michael Jerger
3151c8fe81 make validate more compact 2024-02-10 15:10:37 +01:00
Michael Jerger
be4d3544ae Refactor ActorID -> ActorId 2024-02-10 15:10:36 +01:00
Michael Jerger
afcc7f0def factory instead of parse & validate 2024-02-10 15:10:35 +01:00
erik
3c515c2614 Add review todos 2024-02-10 15:10:33 +01:00
erik
6ad52a6d67 Update tests 2024-02-10 15:10:24 +01:00
erik
25d34e0c14 Check for empty path in IRI 2024-02-10 15:10:22 +01:00
erik
fa1acd1ebb Extract url string validation and parsing from ActorID parsing 2024-02-10 15:10:19 +01:00
erik
4d3ab4dda2 Update Validate() 2024-02-10 15:10:19 +01:00
erik
39d4c8dd2d Generalize validate_is_not_empty 2024-02-10 15:10:17 +01:00
erik
085db0c127 Remove todo 2024-02-10 15:10:16 +01:00
Michael Jerger
28a290da10 reviewed current work 2024-02-10 15:10:13 +01:00
erik
02dc8901af Fix tests 2024-02-10 15:10:13 +01:00
erik
68cd621053 Test for empty string 2024-02-10 15:10:12 +01:00
erik
946e5cf34c Remove typo in func 2024-02-10 15:10:10 +01:00
erik
c0f1681fa3 Allow parsing of repository-id too 2024-02-10 15:10:09 +01:00
erik
4f25e5057a Make the source an argument to the parser 2024-02-10 15:10:08 +01:00
erik
52e950a492 Check the path for empty strings 2024-02-10 15:10:06 +01:00
erik
65f7124c67 Use u.Hostname() instead of u.Host
u.Host returns hostname:port.
2024-02-10 15:10:05 +01:00
erik
27c9db1027 Better function descriptions 2024-02-10 15:10:05 +01:00
Michael Jerger
9b5d8bbeda If we use user.loginname to store the actor.id we can search for local users earlier 2024-02-10 15:10:04 +01:00
erik
fde8de4f90 Rename to ParseActorIDFromStarActivity 2024-02-10 15:09:35 +01:00
erik
ede86df685 Remove todo 2024-02-10 15:09:34 +01:00
erik
8a53331283 Add ToDo 2024-02-10 15:09:30 +01:00
erik
9568eab62a Fix tests 2024-02-10 15:09:29 +01:00
erik
566b3bc459 Parse Actor from star activity, Update function declaration order 2024-02-10 15:09:28 +01:00
erik
3a938b6c3f Use and validate source in ActorID struct 2024-02-10 15:09:28 +01:00
erik
9566e9bc5d Change tests to use IsValid method 2024-02-10 15:09:27 +01:00
erik
fccf5c37ca Add IsValid and PanicIfInvalid methods for ActorID 2024-02-10 15:09:26 +01:00
erik
8300d3fbde Add ToDos from code review 2024-02-10 15:09:25 +01:00
erik
91baf2be32 Add get functions for userId and HostAndPort 2024-02-10 15:09:23 +01:00
erik
92c089a4e2 Add a test for getting host and port 2024-02-10 15:09:23 +01:00
erik
8657f70960 Add todo 2024-02-10 15:09:21 +01:00
erik
5efce01f6f Make test messages consistent 2024-02-10 15:09:21 +01:00
erik
ad8adc880f Create easier to read tests for parser and validator 2024-02-10 15:09:20 +01:00
erik
62eae6564f Fix bug in validation 2024-02-10 15:09:20 +01:00
erik
d205c50a43 Implement generic validation on ActorID 2024-02-10 15:09:19 +01:00
erik
7b5d13a625 Split check for schema and host 2024-02-10 15:09:19 +01:00
erik
3d2b5115ad Implement and use Validatable interface 2024-02-10 15:09:18 +01:00
erik
235ed7cd1e Rename to actorID 2024-02-10 15:09:18 +01:00
Michael Jerger
fbff67f11a add some more todos 2024-02-10 15:09:09 +01:00
erik
5729cee3e5 Move test to model/activitypub 2024-02-10 15:09:07 +01:00
erik
78fc75135f Rename to ActorData 2024-02-10 15:09:04 +01:00
erik
09058c13c5 Rename to actor 2024-02-10 15:09:01 +01:00
erik
273ca49e22 Validate on ActorData independently and move to model 2024-02-10 15:08:58 +01:00
Earl Warren
094c84ed6d
Merge branch 'rebase-forgejo-dependency' into wip-forgejo 2024-02-05 18:58:23 +01:00
Earl Warren
d7e1854884
Merge branch 'rebase-forgejo-branding' into wip-forgejo 2024-02-05 18:58:18 +01:00
Earl Warren
030cdd6ae2
[GITEA] Allow changing the email address before activation (squash)
See https://codeberg.org/forgejo/forgejo/pulls/2300
2024-02-05 16:57:58 +01:00
Earl Warren
036f1eddc5
[GITEA] avoid superfluous synchronized pull_request run when opening a PR (#2236)
* Split TestPullRequest out of AddTestPullRequestTask
* Before scheduling the task, AddTestPullRequestTask stores the max
  index of the repository
* When the task runs, it does not take into account pull requests that
  have an index higher than the recorded max index

When AddTestPullRequestTask is called with isSync == true, it is the
direct consequence of a new commit being pushed. Forgejo knows nothing
of this new commit yet. If a PR is created later and its head
references the new commit, it will have an index that is higher and
must not be taken into account. It would be acting and triggering a
notification for a PR based on an event that happened before it
existed.

Refs: https://codeberg.org/forgejo/forgejo/issues/2009
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2236
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
(cherry picked from commit b3be895a30)
2024-02-05 16:57:58 +01:00
Gergely Nagy
2ca4862f8b
[GITEA] Allow changing the repo Wiki branch to main
Previously, the repo wiki was hardcoded to use `master` as its branch,
this change makes it possible to use `main` (or something else, governed
by `[repository].DEFAULT_BRANCH`, a setting that already exists and
defaults to `main`).

The way it is done is that a new column is added to the `repository`
table: `wiki_branch`. The migration will make existing repositories
default to `master`, for compatibility's sake, even if they don't have a
Wiki (because it's easier to do that). Newly created repositories will
default to `[repository].DEFAULT_BRANCH` instead.

The Wiki service was updated to use the branch name stored in the
database, and fall back to the default if it is empty.

Old repositories with Wikis using the older `master` branch will have
the option to do a one-time transition to `main`, available via the
repository settings in the "Danger Zone". This option will only be
available for repositories that have the internal wiki enabled, it is
not empty, and the wiki branch is not `[repository].DEFAULT_BRANCH`.

When migrating a repository with a Wiki, Forgejo will use the same
branch name for the wiki as the source repository did. If that's not the
same as the default, the option to normalize it will be available after
the migration's done.

Additionally, the `/api/v1/{owner}/{repo}` endpoint was updated: it will
now include the wiki branch name in `GET` requests, and allow changing
the wiki branch via `PATCH`.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit d87c526d2a)
2024-02-05 16:57:47 +01:00
Earl Warren
209610075a
[TESTS] add log.Level to test.NewLogChecker
So the caller can check log events at the desired level instead of
being limited to the default level log.INFO

(cherry picked from commit 2fbf5f9555)
(cherry picked from commit e2137a3147)
2024-02-05 16:54:44 +01:00
Gusted
6fb55e9c08
[GITEA] Add slow SQL query warning (squash) Fix setting typo
- Fix typo in the slow query threshold setting, add a deprecation warning.
- Resolves #2203

(cherry picked from commit 02f6608e5f)
(cherry picked from commit 4e8f6b2ffd)
2024-02-05 16:54:44 +01:00
Earl Warren
fe8622dae3
Revert "Fix schedule tasks bugs (#28691)"
This reverts commit 97292da960.

(cherry picked from commit 83e5eba031)
(cherry picked from commit f6ef8f3819)

Conflicts:
	services/repository/setting.go
2024-02-05 16:54:42 +01:00
Gergely Nagy
bc7e448d49
[GITEA] Rework when recently pushed branches are displayed
With this change, the "You pushed on branch xyz" banner will be
displayed when either the viewed repository or its base repo (if the
current one's a fork) has pull requests enabled. Previously it only
displayed if the viewed repo had PRs enabled.

Furthermore, if the viewed repository is an original repository that the
viewing user has a fork of, if the forked repository has recently pushed
branches, then the banner will appear for the original repository too.
In this case, the notification will include branches from the viewing
user's fork, and branches they pushed to the base repo, too.

Refs: https://codeberg.org/forgejo/forgejo/pulls/2195

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit a29f10661d)
(cherry picked from commit 70c5e2021d)
(cherry picked from commit 48b25be67a)
2024-02-05 16:09:43 +01:00
Gergely Nagy
3bdfb7a7aa
[GITEA] Fix the topic search paging
When searching for repository topics, either via the API, or via
Explore, paging did not work correctly, because it only applied when the
`page` parameter was non-zero. Paging should have applied when the page
size is greater than zero, which is what this patch does.

As a result, both the API, and the Explore endpoint will return paged
results (30 by default). As such, when managing topics on the frontend,
the offered completions will also be limited to a pageful of results,
based on what the user has already typed.

This drastically reduces the amount of traffic, and also the number of
the topics to choose from, and thus, the rendering time too.

The topics will be returned by popularity, with most used topics first.
A single page will contain `[api].DEFAULT_PAGING_NUM` (30 by default)
items that match the query. That's plenty to choose from.

Fixes #132.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit 64d4ff41db)
(cherry picked from commit 06b808fa2c)
(cherry picked from commit 9205c9266a)
(cherry picked from commit 47863d4f72)
2024-02-05 16:09:43 +01:00
Gusted
d1cb590c78
[GITEA] Log SQL queries when the database return error
- When the database returns an error about the SQL query, the error is
logged but not the SQL query and arguments, which is just as valuable as
the vague deeply hidden documented error that the database returns.
It's possible to log the SQL query by logging **all** SQL queries. For
bigger instances such as Codeberg, this is not a viable option.
- Adds a new hook, enabled by default, to log SQL queries with their
arguments and the error returned by the database when the database
returns an error.
- This likely needs some fine tuning in the future to decide when to
enable this, as the error is already logged and if people have the
`[database].LOG_SQL` option enabled, the SQL would be logged twice. But
given that it's an rare occurence for SQL queries to error, it's fine to
leave that as-is.
- Ref: https://codeberg.org/forgejo/forgejo/issues/1998

(cherry picked from commit 866229bc32)
(cherry picked from commit 96dd3e87cf)
(cherry picked from commit e165510317)
(cherry picked from commit 1638e2b3f5)
2024-02-05 16:09:43 +01:00
Gergely Nagy
36f7c162e2
[FEAT] Repository flags
This implements "repository flags", a way for instance administrators to
assign custom flags to repositories. The idea is that custom templates
can look at these flags, and display banners based on them, Forgejo does
not provide anything built on top of it, just the foundation. The
feature is optional, and disabled by default. To enable it, set
`[repository].ENABLE_FLAGS = true`.

On the UI side, instance administrators will see a new "Manage flags"
tab on repositories, and a list of enabled tags (if any) on the
repository home page. The "Manage flags" page allows them to remove
existing flags, or add any new ones that are listed in
`[repository].SETTABLE_FLAGS`.

The model does not enforce that only the `SETTABLE_FLAGS` are present.
If the setting is changed, old flags may remain present in the database,
and anything that uses them, will still work. The repository flag
management page will allow an instance administrator to remove them, but
not set them, once removed.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit ba735ce222)
(cherry picked from commit f09f6e029b)
(cherry picked from commit 2f8b041489)
(cherry picked from commit d3186ee5f4)
2024-02-05 16:09:42 +01:00
Earl Warren
2e172b3c9c
[GITEA] add option for banning dots in usernames (squash) set in test
(cherry picked from commit b005b586c3)
(cherry picked from commit 0077b2661e)
(cherry picked from commit c4589d1fce)
(cherry picked from commit a7f9ff982c)
2024-02-05 16:09:42 +01:00
Gergely Nagy
f90b802634
[GITEA] Add support for shields.io-based badges
Adds a new `/{username}/{repo}/badges` family of routes, which redirect
to various shields.io badges. The goal is to not reimplement badge
generation, and delegate it to shields.io (or a similar service), which
are already used by many. This way, we get all the goodies that come
with it: different styles, colors, logos, you name it.

So these routes are just thin wrappers around shields.io that make it
easier to display the information we want. The URL is configurable via
`app.ini`, and is templatable, allowing to use alternative badge
generator services with slightly different URL patterns.

Additionally, for compatibility with GitHub, there's an
`/{username}/{repo}/actions/workflows/{workflow_file}/badge.svg` route
that works much the same way as on GitHub. Change the hostname in the
URL, and done.

Fixes gitea#5633, gitea#23688, and also fixes #126.

Work sponsored by Codeberg e.V.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit fcd0f61212)
(cherry picked from commit 20d14f7844)
(cherry picked from commit 4359741431)
(cherry picked from commit 35cff45eb8)
(cherry picked from commit 2fc0d0b8a3)
2024-02-05 16:09:42 +01:00
Gusted
5c0894a588
[GITEA] Avoid WHERE IN for comment migration query
- Rewrite `UpdateCommentsMigrationsByType` to not use `WHERE IN` as
that's a performance diaster for MariaDB, it now use batching to query
the the relevant comment IDs via JOINs (which is not possible in a
UPDATE query for SQLite) and then update them in a seperate query.
- Add unit test.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1856

(cherry picked from commit 8098ca9d2e)

Conflicts:
	models/issues/comment.go
	https://codeberg.org/forgejo/forgejo/pulls/2075
(cherry picked from commit ca65deba1c)
(cherry picked from commit 0e1e09e77d)
(cherry picked from commit 19013ba5ea)
(cherry picked from commit 23c887f97e)
(cherry picked from commit b3321d1a84)
2024-02-05 16:09:42 +01:00
Gergely Nagy
5eeccecafc
[GITEA] Optionally allow anyone to edit Wikis
This is largely based on gitea#6312 by @ashimokawa, with updates and
fixes by myself, and incorporates the review feedback given in that pull
request, and more.

What this patch does is add a new "default_permissions" column to the
`repo_units` table (defaulting to read permission), adjusts the
permission checking code to take this into consideration, and then
exposes a setting that lets a repo administrator enable any user on a
Forgejo instance to edit the repo's wiki (effectively giving the wiki
unit of the repo "write" permissions by default).

By default, wikis will remain restricted to collaborators, but with the
new setting exposed, they can be turned into globally editable wikis.

Fixes Codeberg/Community#28.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit 4b74439922)
(cherry picked from commit 337cf62c10)
(cherry picked from commit b6786fdb32)
(cherry picked from commit a5d2829a10)

[GITEA] Optionally allow anyone to edit Wikis (squash) AddTokenAuth

(cherry picked from commit fed50cf72e)
(cherry picked from commit 42c55e494e)
(cherry picked from commit e3463bda47)
2024-02-05 16:09:42 +01:00
Gusted
f3f888ed13
[GITEA] Fix session generation for database
- If the session doesn't exist, it shouldn't be expected that the
variable is non-nil. Define the session variable instead and insert that.
- Add unit tests to test the behavior of the database sessions code .
- Regression caused by dd30d9d5c0.
- Resolves https://codeberg.org/forgejo/forgejo/issues/2042

(cherry picked from commit 90307ad200)
(cherry picked from commit 874ef1978d)
(cherry picked from commit 27d5f035fc)
(cherry picked from commit 65dbc4303b)

[GITEA] Fix session generation for database (squash) timeutil.Mock

because of e743570f65 * Refactor timeutil package (#28623)

(cherry picked from commit acc6b51be2)
(cherry picked from commit 02b74317f2)
(cherry picked from commit 63b9b624bd)
(cherry picked from commit 7752ff8baa)
(cherry picked from commit c0af4d9438)
2024-02-05 16:09:41 +01:00
Gergely Nagy
d4fc0d2c5a
[GITEA] Allow changing the email address before activation
During registration, one may be required to give their email address, to
be verified and activated later. However, if one makes a mistake, a
typo, they may end up with an account that cannot be activated due to
having a wrong email address.

They can still log in, but not change the email address, thus, no way to
activate it without help from an administrator.

To remedy this issue, lets allow changing the email address for logged
in, but not activated users.

This fixes gitea#17785.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit aaaece28e4)
(cherry picked from commit 639dafabec)
(cherry picked from commit d699c12ceb)

[GITEA] Allow changing the email address before activation (squash) cache is always active

This needs to be revisited because the MailResendLimit is not enforced
and turns out to not be tested.

See e7cb8da2a8 * Always enable caches (#28527)

(cherry picked from commit 43ded8ee30)

Rate limit pre-activation email change separately

Changing the email address before any email address is activated should
be subject to a different rate limit than the normal activation email
resending. If there's only one rate limit for both, then if a newly
signed up quickly discovers they gave a wrong email address, they'd have
to wait three minutes to change it.

With the two separate limits, they don't - but they'll have to wait
three minutes before they can change the email address again.

The downside of this setup is that a malicious actor can alternate
between resending and changing the email address (to something like
`user+$idx@domain`, delivered to the same inbox) to effectively halving
the rate limit. I do not think there's a better solution, and this feels
like such a small attack surface that I'd deem it acceptable.

The way the code works after this change is that `ActivatePost` will now
check the `MailChangeLimit_user` key rather than `MailResendLimit_user`,
and if we're within the limit, it will set `MailChangedJustNow_user`. The
`Activate` method - which sends the activation email, whether it is a
normal resend, or one following an email change - will check
`MailChangedJustNow_user`, and if it is set, it will check the rate
limit against `MailChangedLimit_user`, otherwise against
`MailResendLimit_user`, and then will delete the
`MailChangedJustNow_user` key from the cache.

Fixes #2040.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit e35d2af2e5)
(cherry picked from commit 03989418a7)
(cherry picked from commit f50e0dfe5e)
(cherry picked from commit cad9184a36)
(cherry picked from commit e2da5d7fe1)
(cherry picked from commit 3a80534d4d)
2024-02-05 16:09:41 +01:00