Merge branch 'master' into slight-performance-improvement-for-last-commit-cache

Author: zeripath

Makefile

@@ -613,6 +613,9 @@ release-windows: | $(DIST_DIRS)
 		$(GO) install src.techknowlogick.com/xgo@latest; \
 	fi
 	CGO_CFLAGS="$(CGO_CFLAGS)" xgo -go $(XGO_VERSION) -buildmode exe -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'windows/*' -out gitea-$(VERSION) .
+ifeq (,$(findstring gogit,$(TAGS)))
+	CGO_CFLAGS="$(CGO_CFLAGS)" xgo -go $(XGO_VERSION) -buildmode exe -dest $(DIST)/binaries -tags 'netgo osusergo gogit $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'windows/*' -out gitea-$(VERSION)-gogit .
+endif
 ifeq ($(CI),drone)
 	cp /build/* $(DIST)/binaries
 endif
@@ -733,8 +736,8 @@ generate-gitignore:
 	GO111MODULE=on $(GO) run build/generate-gitignores.go
 
 .PHONY: generate-images
-generate-images:
-	npm install --no-save --no-package-lock fabric imagemin-zopfli
+generate-images: | node_modules
+	npm install --no-save --no-package-lock fabric@4 imagemin-zopfli@7
 	node build/generate-images.js $(TAGS)
 
 .PHONY: generate-manpage

build/generate-images.js

@@ -1,10 +1,11 @@
 import imageminZopfli from 'imagemin-zopfli';
 import {optimize, extendDefaultPlugins} from 'svgo';
 import {fabric} from 'fabric';
-import {readFile, writeFile} from 'fs/promises';
+import fs from 'fs';
 import {resolve, dirname} from 'path';
 import {fileURLToPath} from 'url';
 
+const {readFile, writeFile} = fs.promises;
 const __dirname = dirname(fileURLToPath(import.meta.url));
 const logoFile = resolve(__dirname, '../assets/logo.svg');
 

build/generate-svg.js

@@ -1,9 +1,10 @@
 import fastGlob from 'fast-glob';
 import {optimize, extendDefaultPlugins} from 'svgo';
 import {resolve, parse, dirname} from 'path';
-import {readFile, writeFile, mkdir} from 'fs/promises';
+import fs from 'fs';
 import {fileURLToPath} from 'url';
 
+const {readFile, writeFile, mkdir} = fs.promises;
 const __dirname = dirname(fileURLToPath(import.meta.url));
 const glob = (pattern) => fastGlob.sync(pattern, {cwd: resolve(__dirname), absolute: true});
 const outputDir = resolve(__dirname, '../public/img/svg');

custom/conf/app.example.ini

@@ -19,7 +19,7 @@ PROJECT_BOARD_BASIC_KANBAN_TYPE = To Do, In Progress, Done
 PROJECT_BOARD_BUG_TRIAGE_TYPE = Needs Triage, High Priority, Low Priority, Closed
 
 [repository]
-; Root path for storing all repository data. It must be an absolute path. By default it is stored in a sub-directory of `APP_DATA_PATH`.
+; Root path for storing all repository data. It must be an absolute path. By default, it is stored in a sub-directory of `APP_DATA_PATH`.
 ROOT =
 ; The script type this server supports. Usually this is `bash`, but some users report that only `sh` is available.
 SCRIPT_TYPE = bash
@@ -48,7 +48,7 @@ PREFERRED_LICENSES = Apache License 2.0,MIT License
 ; Disable the ability to interact with repositories using the HTTP protocol
 DISABLE_HTTP_GIT = false
 ; Value for Access-Control-Allow-Origin header, default is not to present
-; WARNING: This maybe harmful to you website if you do not give it a right value.
+; WARNING: This may be harmful to your website if you do not give it a right value.
 ACCESS_CONTROL_ALLOW_ORIGIN =
 ; Force ssh:// clone url instead of scp-style uri when default SSH port is used
 USE_COMPAT_SSH_URI = false
@@ -70,6 +70,8 @@ PREFIX_ARCHIVE_FILES = true
 DISABLE_MIRRORS = false
 ; Disable migrating feature.
 DISABLE_MIGRATIONS = false
+; Disable stars feature.
+DISABLE_STARS = false
 ; The default branch name of new repositories
 DEFAULT_BRANCH = master
 ; Allow adoption of unadopted repositories
@@ -134,7 +136,7 @@ ALLOWED_TYPES =
 SIGNING_KEY = default
 ; If a SIGNING_KEY ID is provided and is not set to default, use the provided Name and Email address as the signer.
 ; These should match a publicized name and email address for the key. (When SIGNING_KEY is default these are set to
-; the results of git config --get user.name and git config --get user.email respectively and can only be overrided
+; the results of git config --get user.name and git config --get user.email respectively and can only be overridden
 ; by setting the SIGNING_KEY ID to the correct ID.)
 SIGNING_NAME =
 SIGNING_EMAIL =
@@ -447,7 +449,7 @@ LOG_SQL = true
 DB_RETRIES = 10
 ; Backoff time per DB retry (time.Duration)
 DB_RETRY_BACKOFF = 3s
-; Max idle database connections on connnection pool, default is 2
+; Max idle database connections on connection pool, default is 2
 MAX_IDLE_CONNS = 2
 ; Database connection max life time, default is 0 or 3s mysql (See #6804 & #7071 for reasoning)
 CONN_MAX_LIFETIME = 3s
@@ -466,7 +468,7 @@ ISSUE_INDEXER_PATH = indexers/issues.bleve
 ; Issue indexer queue, currently support: channel, levelqueue or redis, default is levelqueue
 ISSUE_INDEXER_QUEUE_TYPE = levelqueue
 ; When ISSUE_INDEXER_QUEUE_TYPE is levelqueue, this will be the path where the queue will be saved.
-; This can be overriden by `ISSUE_INDEXER_QUEUE_CONN_STR`.
+; This can be overridden by `ISSUE_INDEXER_QUEUE_CONN_STR`.
 ; default is indexers/issues.queue
 ISSUE_INDEXER_QUEUE_DIR = indexers/issues.queue
 ; When `ISSUE_INDEXER_QUEUE_TYPE` is `redis`, this will store the redis connection string.
@@ -514,9 +516,9 @@ BATCH_LENGTH = 20
 ; When `TYPE` is `persistable-channel`, this provides a directory for the underlying leveldb
 ; or additional options of the form `leveldb://path/to/db?option=value&....`, and will override `DATADIR`.
 CONN_STR = "addrs=127.0.0.1:6379 db=0"
-; Provides the suffix of the default redis/disk queue name - specific queues can be overriden within in their [queue.name] sections.
+; Provides the suffix of the default redis/disk queue name - specific queues can be overridden within in their [queue.name] sections.
 QUEUE_NAME = "_queue"
-; Provides the suffix of the default redis/disk unique queue set name - specific queues can be overriden within in their [queue.name] sections.
+; Provides the suffix of the default redis/disk unique queue set name - specific queues can be overridden within in their [queue.name] sections.
 SET_NAME = "_unique"
 ; If the queue cannot be created at startup - level queues may need a timeout at startup - wrap the queue:
 WRAP_IF_NECESSARY = true
@@ -617,6 +619,30 @@ WHITELISTED_URIS =
 ; Example value: loadaverage.org/badguy stackexchange.com/.*spammer
 BLACKLISTED_URIS =
 
+[oauth2_client]
+; Whether a new auto registered oauth2 user needs to confirm their email.
+; Do not include to use the REGISTER_EMAIL_CONFIRM setting from the `[service]` section.
+REGISTER_EMAIL_CONFIRM =
+; Scopes for the openid connect oauth2 provider (separated by space, the openid scope is implicitly added).
+; Typical values are profile and email.
+; For more information about the possible values see https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims
+OPENID_CONNECT_SCOPES =
+; Automatically create user accounts for new oauth2 users.
+ENABLE_AUTO_REGISTRATION = false
+; The source of the username for new oauth2 accounts:
+; userid = use the userid / sub attribute
+; nickname = use the nickname attribute
+; email = use the username part of the email attribute
+USERNAME = nickname
+; Update avatar if available from oauth2 provider.
+; Update will be performed on each login.
+UPDATE_AVATAR = false
+; How to handle if an account / email already exists:
+; disabled = show an error
+; login = show an account linking login
+; auto = link directly with the account
+ACCOUNT_LINKING = disabled
+
 [service]
 ; Time limit to confirm account/email registration
 ACTIVE_CODE_LIVE_MINUTES = 180
@@ -822,7 +848,7 @@ REPOSITORY_AVATAR_FALLBACK_IMAGE = /img/repo_default.png
 ; This is to limit the amount of RAM used when resizing the image.
 AVATAR_MAX_WIDTH = 4096
 AVATAR_MAX_HEIGHT = 3072
-; Maximum alloved file size for uploaded avatars.
+; Maximum allowed file size for uploaded avatars.
 ; This is to limit the amount of RAM used when resizing the image.
 AVATAR_MAX_FILE_SIZE = 1048576
 ; Chinese users can choose "duoshuo"

docs/content/doc/advanced/config-cheat-sheet.en-us.md

@@ -75,6 +75,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 - `PREFIX_ARCHIVE_FILES`: **true**: Prefix archive files by placing them in a directory named after the repository.
 - `DISABLE_MIRRORS`: **false**: Disable the creation of **new** mirrors. Pre-existing mirrors remain valid.
 - `DISABLE_MIGRATIONS`: **false**: Disable migrating feature.
+- `DISABLE_STARS`: **false**: Disable stars feature.
 - `DEFAULT_BRANCH`: **master**: Default branch name of all repositories.
 - `ALLOW_ADOPTION_OF_UNADOPTED_REPOSITORIES`: **false**: Allow non-admin users to adopt unadopted repositories
 - `ALLOW_DELETION_OF_UNADOPTED_REPOSITORIES`: **false**: Allow non-admin users to delete unadopted repositories
@@ -429,6 +430,21 @@ relation to port exhaustion.
 - `BLACKLISTED_URIS`: **\<empty\>**: If non-empty, list of POSIX regex patterns matching
    OpenID URI's to block.
 
+## OAuth2 Client (`oauth2_client`)
+
+- `REGISTER_EMAIL_CONFIRM`: *[service]* **REGISTER\_EMAIL\_CONFIRM**: Set this to enable or disable email confirmation of OAuth2 auto-registration. (Overwrites the REGISTER\_EMAIL\_CONFIRM setting of the `[service]` section)
+- `OPENID_CONNECT_SCOPES`: **\<empty\>**: List of additional openid connect scopes. (`openid` is implicitly added)
+- `ENABLE_AUTO_REGISTRATION`: **false**: Automatically create user accounts for new oauth2 users.
+- `USERNAME`: **nickname**: The source of the username for new oauth2 accounts:
+    - userid - use the userid / sub attribute
+    - nickname - use the nickname attribute
+    - email - use the username part of the email attribute
+- `UPDATE_AVATAR`: **false**: Update avatar if available from oauth2 provider. Update will be performed on each login.
+- `ACCOUNT_LINKING`: **disabled**: How to handle if an account / email already exists:
+    - disabled - show an error
+    - login - show an account linking login
+    - auto - automatically link with the account (Please be aware that this will grant access to an existing account just because the same username or email is provided. You must make sure that this does not cause issues with your authentication providers.)
+
 ## Service (`service`)
 
 - `ACTIVE_CODE_LIVE_MINUTES`: **180**: Time limit (min) to confirm account/email registration.

docs/content/doc/advanced/signing.en-us.md

@@ -109,7 +109,7 @@ when creating a repository. The possible values are:
 - `always`: Always sign
 
 Options other than `never` and `always` can be combined as a comma
-separated list.
+separated list. The commit will be signed if all selected options are true.
 
 ### `WIKI`
 
@@ -123,7 +123,7 @@ The possible values are:
 - `always`: Always sign
 
 Options other than `never` and `always` can be combined as a comma
-separated list.
+separated list. The commit will be signed if all selected options are true.
 
 ### `CRUD_ACTIONS`
 
@@ -137,7 +137,7 @@ editor or API CRUD actions. The possible values are:
 - `always`: Always sign
 
 Options other than `never` and `always` can be combined as a comma
-separated list.
+separated list. The change will be signed if all selected options are true.
 
 ### `MERGES`
 
@@ -154,7 +154,7 @@ The possible options are:
 - `always`: Always sign
 
 Options other than `never` and `always` can be combined as a comma
-separated list.
+separated list. The merge will be signed if all selected options are true.
 
 ## Obtaining the Public Key of the Signing Key
 

models/avatar.go

@@ -96,6 +96,11 @@ func HashedAvatarLink(email string) string {
 			// we don't care about any DB problem just return the lowerEmail
 			return lowerEmail, nil
 		}
+		has, err := sess.Where("email = ? AND hash = ?", emailHash.Email, emailHash.Hash).Get(new(EmailHash))
+		if has || err != nil {
+			// Seriously we don't care about any DB problems just return the lowerEmail - we expect the transaction to fail most of the time
+			return lowerEmail, nil
+		}
 		_, _ = sess.Insert(emailHash)
 		if err := sess.Commit(); err != nil {
 			// Seriously we don't care about any DB problems just return the lowerEmail - we expect the transaction to fail most of the time

models/issue_list.go

@@ -53,6 +53,9 @@ func (issues IssueList) loadRepositories(e Engine) ([]*Repository, error) {
 
 	for _, issue := range issues {
 		issue.Repo = repoMaps[issue.RepoID]
+		if issue.PullRequest != nil {
+			issue.PullRequest.BaseRepo = issue.Repo
+		}
 	}
 	return valuesRepository(repoMaps), nil
 }
@@ -516,6 +519,11 @@ func (issues IssueList) LoadDiscussComments() error {
 	return issues.loadComments(x, builder.Eq{"comment.type": CommentTypeComment})
 }
 
+// LoadPullRequests loads pull requests
+func (issues IssueList) LoadPullRequests() error {
+	return issues.loadPullRequests(x)
+}
+
 // GetApprovalCounts returns a map of issue ID to slice of approval counts
 // FIXME: only returns official counts due to double counting of non-official approvals
 func (issues IssueList) GetApprovalCounts() (map[int64][]*ReviewCount, error) {

models/migrations/migrations.go

@@ -302,8 +302,13 @@ var migrations = []Migration{
 	NewMigration("Remove invalid labels from comments", removeInvalidLabels),
 	// v177 -> v178
 	NewMigration("Delete orphaned IssueLabels", deleteOrphanedIssueLabels),
+
+	// Gitea 1.14.0 ends at v178
+
 	// v178 -> v179
 	NewMigration("Add LFS columns to Mirror", addLFSMirrorColumns),
+	// v179 -> v180
+	NewMigration("Convert avatar url to text", convertAvatarURLToText),
 }
 
 // GetCurrentDBVersion returns the current db version

models/migrations/v172.go

@@ -12,9 +12,9 @@ import (
 
 func addSessionTable(x *xorm.Engine) error {
 	type Session struct {
-		Key         string `xorm:"pk CHAR(16)"`
-		Data        []byte `xorm:"BLOB"`
-		CreatedUnix timeutil.TimeStamp
+		Key    string `xorm:"pk CHAR(16)"`
+		Data   []byte `xorm:"BLOB"`
+		Expiry timeutil.TimeStamp
 	}
 	return x.Sync2(new(Session))
 }

models/migrations/v179.go

@@ -0,0 +1,26 @@
+// Copyright 2021 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package migrations
+
+import (
+	"xorm.io/xorm"
+	"xorm.io/xorm/schemas"
+)
+
+func convertAvatarURLToText(x *xorm.Engine) error {
+	dbType := x.Dialect().URI().DBType
+	if dbType == schemas.SQLITE { // For SQLITE, varchar or char will always be represented as TEXT
+		return nil
+	}
+
+	// Some oauth2 providers may give very long avatar urls (i.e. Google)
+	return modifyColumn(x, "external_login_user", &schemas.Column{
+		Name: "avatar_url",
+		SQLType: schemas.SQLType{
+			Name: schemas.Text,
+		},
+		Nullable: true,
+	})
+}

models/repo_list.go

@@ -143,6 +143,7 @@ type SearchRepoOptions struct {
 	OrderBy         SearchOrderBy
 	Private         bool // Include private repositories in results
 	StarredByID     int64
+	WatchedByID     int64
 	AllPublic       bool // Include also all public repositories of users and public organisations
 	AllLimited      bool // Include also all public repositories of limited organisations
 	// None -> include public and private
@@ -241,6 +242,11 @@ func SearchRepositoryCondition(opts *SearchRepoOptions) builder.Cond {
 		cond = cond.And(builder.In("id", builder.Select("repo_id").From("star").Where(builder.Eq{"uid": opts.StarredByID})))
 	}
 
+	// Restrict to watched repositories
+	if opts.WatchedByID > 0 {
+		cond = cond.And(builder.In("id", builder.Select("repo_id").From("watch").Where(builder.Eq{"user_id": opts.WatchedByID})))
+	}
+
 	// Restrict repositories to those the OwnerID owns or contributes to as per opts.Collaborate
 	if opts.OwnerID > 0 {
 		accessCond := builder.NewCond()

models/review.go

@@ -566,7 +566,11 @@ func DismissReview(review *Review, isDismiss bool) (err error) {
 
 	review.Dismissed = isDismiss
 
-	_, err = x.Cols("dismissed").Update(review)
+	if review.ID == 0 {
+		return ErrReviewNotExist{}
+	}
+
+	_, err = x.ID(review.ID).Cols("dismissed").Update(review)
 
 	return
 }