Nemcio/Gogs
1
0
Fork 0
mirror of https://github.com/gogs/gogs.git synced 2026-02-28 09:10:57 +01:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: Nemcio:copilot/replace-xorm-with-gorm
Branches Tags
Nemcio:main Nemcio:release/0.14 Nemcio:migrate/goldmark Nemcio:copilot/support-embedded-postgres-cli Nemcio:copilot/replace-macaron-with-flamego Nemcio:copilot/replace-xorm-with-gorm Nemcio:release/0.13 Nemcio:release/0.12
Nemcio:v0.14.2 Nemcio:v0.14.2-rc.1 Nemcio:latest-commit-build Nemcio:release-archive-testing Nemcio:v0.14.1 Nemcio:v0.14.1-rc.1 Nemcio:v0.14.0 Nemcio:v0.14.0-rc.1 Nemcio:v0.13.4 Nemcio:v0.13.4-rc.3 Nemcio:v0.13.4-rc.2 Nemcio:v0.13.4-rc.1 Nemcio:v0.13.3 Nemcio:v0.13.3-rc.1 Nemcio:v0.13.2 Nemcio:v0.13.2-rc.1 Nemcio:v0.13.1 Nemcio:v0.13.1-rc.1 Nemcio:v0.13.0 Nemcio:v0.13.0-rc.1 Nemcio:v0.12.11 Nemcio:v0.12.11-rc.1 Nemcio:v0.12.10 Nemcio:v0.12.10-rc.1 Nemcio:v0.12.9 Nemcio:v0.12.9-rc.1 Nemcio:v0.12.8 Nemcio:v0.12.8-rc.1 Nemcio:v0.12.7 Nemcio:v0.12.7-rc.1 Nemcio:v0.12.6-rc.1 Nemcio:v0.12.6 Nemcio:v0.12.5-rc.1 Nemcio:v0.12.5 Nemcio:v0.12.4 Nemcio:v0.12.4-rc.1 Nemcio:v0.12.3 Nemcio:v0.12.2 Nemcio:v0.12.1 Nemcio:v0.12.0 Nemcio:v0.11.91 Nemcio:v0.11.86 Nemcio:v0.11.79 Nemcio:v0.11.66 Nemcio:v0.11.53 Nemcio:v0.11.43 Nemcio:v0.11.34 Nemcio:v0.11.33 Nemcio:v0.11.29 Nemcio:v0.11.19 Nemcio:v0.11.4 Nemcio:v0.11 Nemcio:v0.11rc Nemcio:v0.10.18 Nemcio:v0.10.8 Nemcio:v0.10.1 Nemcio:v0.10 Nemcio:v0.10rc Nemcio:v0.9.141 Nemcio:v0.9.128 Nemcio:v0.9.113 Nemcio:v0.9.97 Nemcio:v0.9.71 Nemcio:v0.9.60 Nemcio:v0.9.48 Nemcio:v0.9.46 Nemcio:v0.9.13 Nemcio:v0.9.0 Nemcio:v0.8.43 Nemcio:v0.8.25 Nemcio:v0.8.10 Nemcio:v0.8.0 Nemcio:v0.7.33 Nemcio:v0.7.22 Nemcio:v0.7.19 Nemcio:v0.7.6 Nemcio:v0.7.0 Nemcio:v0.6.15 Nemcio:v0.6.9 Nemcio:v0.6.5 Nemcio:v0.6.3 Nemcio:v0.6.1 Nemcio:v0.6.0 Nemcio:v0.5.13 Nemcio:v0.5.11 Nemcio:v0.5.9 Nemcio:v0.5.8 Nemcio:v0.5.5 Nemcio:v0.5.2 Nemcio:v0.5.0 Nemcio:v0.4.2 Nemcio:v0.4.1 Nemcio:v0.4.0 Nemcio:v0.3.1 Nemcio:v0.3.0 Nemcio:v0.2.0
...
compare: Nemcio:v0.14.1
Branches Tags
Nemcio:main Nemcio:release/0.14 Nemcio:migrate/goldmark Nemcio:copilot/support-embedded-postgres-cli Nemcio:copilot/replace-macaron-with-flamego Nemcio:copilot/replace-xorm-with-gorm Nemcio:release/0.13 Nemcio:release/0.12
Nemcio:v0.14.2 Nemcio:v0.14.2-rc.1 Nemcio:latest-commit-build Nemcio:release-archive-testing Nemcio:v0.14.1 Nemcio:v0.14.1-rc.1 Nemcio:v0.14.0 Nemcio:v0.14.0-rc.1 Nemcio:v0.13.4 Nemcio:v0.13.4-rc.3 Nemcio:v0.13.4-rc.2 Nemcio:v0.13.4-rc.1 Nemcio:v0.13.3 Nemcio:v0.13.3-rc.1 Nemcio:v0.13.2 Nemcio:v0.13.2-rc.1 Nemcio:v0.13.1 Nemcio:v0.13.1-rc.1 Nemcio:v0.13.0 Nemcio:v0.13.0-rc.1 Nemcio:v0.12.11 Nemcio:v0.12.11-rc.1 Nemcio:v0.12.10 Nemcio:v0.12.10-rc.1 Nemcio:v0.12.9 Nemcio:v0.12.9-rc.1 Nemcio:v0.12.8 Nemcio:v0.12.8-rc.1 Nemcio:v0.12.7 Nemcio:v0.12.7-rc.1 Nemcio:v0.12.6-rc.1 Nemcio:v0.12.6 Nemcio:v0.12.5-rc.1 Nemcio:v0.12.5 Nemcio:v0.12.4 Nemcio:v0.12.4-rc.1 Nemcio:v0.12.3 Nemcio:v0.12.2 Nemcio:v0.12.1 Nemcio:v0.12.0 Nemcio:v0.11.91 Nemcio:v0.11.86 Nemcio:v0.11.79 Nemcio:v0.11.66 Nemcio:v0.11.53 Nemcio:v0.11.43 Nemcio:v0.11.34 Nemcio:v0.11.33 Nemcio:v0.11.29 Nemcio:v0.11.19 Nemcio:v0.11.4 Nemcio:v0.11 Nemcio:v0.11rc Nemcio:v0.10.18 Nemcio:v0.10.8 Nemcio:v0.10.1 Nemcio:v0.10 Nemcio:v0.10rc Nemcio:v0.9.141 Nemcio:v0.9.128 Nemcio:v0.9.113 Nemcio:v0.9.97 Nemcio:v0.9.71 Nemcio:v0.9.60 Nemcio:v0.9.48 Nemcio:v0.9.46 Nemcio:v0.9.13 Nemcio:v0.9.0 Nemcio:v0.8.43 Nemcio:v0.8.25 Nemcio:v0.8.10 Nemcio:v0.8.0 Nemcio:v0.7.33 Nemcio:v0.7.22 Nemcio:v0.7.19 Nemcio:v0.7.6 Nemcio:v0.7.0 Nemcio:v0.6.15 Nemcio:v0.6.9 Nemcio:v0.6.5 Nemcio:v0.6.3 Nemcio:v0.6.1 Nemcio:v0.6.0 Nemcio:v0.5.13 Nemcio:v0.5.11 Nemcio:v0.5.9 Nemcio:v0.5.8 Nemcio:v0.5.5 Nemcio:v0.5.2 Nemcio:v0.5.0 Nemcio:v0.4.2 Nemcio:v0.4.1 Nemcio:v0.4.0 Nemcio:v0.3.1 Nemcio:v0.3.0 Nemcio:v0.2.0

36 Commits
copilot/re ... v0.14.1

Author SHA1 Message Date
Joe Chen
f5c8030c1f Fix up tests 2026-01-31 22:28:11 -05:00
Joe Chen
8c5c0125c4 release: update version to 0.14.1 2026-01-31 22:23:40 -05:00
ᴊᴏᴇ ᴄʜᴇɴ
3f03530042 fix(ssh): git clone via built-in SSH server hangs (#8135) 
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-31 22:22:03 -05:00
Joe Chen
36c26c4ccc Update version to 0.14.0 2026-01-31 16:32:58 -05:00
Joe Chen
b68e6886c6 release: cut CHANGELOG entries for 0.14.0 
[skip ci]
 2026-01-31 16:29:15 -05:00
ᴊᴏᴇ ᴄʜᴇɴ
ac7ba9c8a7 locale: sync from Crowdin (#8131) 2026-01-31 16:07:47 -05:00
ᴊᴏᴇ ᴄʜᴇɴ
dd862ee058 ci(docker): auto-tag minor version for stable releases (#8129) 
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-31 15:50:42 -05:00
Joe Chen
f94042ce6f chore: update release templates 
[skip ci]
 2026-01-31 15:17:59 -05:00
ᴊᴏᴇ ᴄʜᴇɴ
628216d588 security: require authentication for attachment uploads (#8128) 
https://github.com/gogs/gogs/security/advisories/GHSA-fc3h-92p8-h36f

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-31 14:40:39 -05:00
ᴊᴏᴇ ᴄʜᴇɴ
7306b955a9 ci: use external unknwon/send-email-on-failure action (#8127) 2026-01-31 13:29:30 -05:00
ᴊᴏᴇ ᴄʜᴇɴ
fc6d1e2055 ci(release): add email notification on failure for main branch (#8126) 
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-31 13:13:51 -05:00
ᴊᴏᴇ ᴄʜᴇɴ
3b01892d85 fix(docker): correct binary path in Dockerfiles(#8125) 
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-31 13:02:25 -05:00
ᴊᴏᴇ ᴄʜᴇɴ
7b7e38c880 security: prevent deletion of protected and default branches via web UI (#8124) 
https://github.com/gogs/gogs/security/advisories/GHSA-2c6v-8r3v-gh6p

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-31 12:51:07 -05:00
ᴊᴏᴇ ᴄʜᴇɴ
bb68c0a042 security: fix cross-repository label modification vulnerability (#8123) 
https://github.com/gogs/gogs/security/advisories/GHSA-cv22-72px-f4gh

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-31 12:28:30 -05:00
ᴊᴏᴇ ᴄʜᴇɴ
68271e6af0 chore: update vulnerability reporting guidelines 
[skip ci]
 2026-01-31 12:01:23 -05:00
Copilot
4f5b00f8c4 Build artifacts for every commit on main (#8122) 
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: Joe Chen <jc@unknwon.io>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-31 11:58:45 -05:00
Joe Chen
5d3ffd132b chore: bunch of minor tidy-ups 
[skip ci]
 2026-01-31 09:59:32 -05:00
ᴊᴏᴇ ᴄʜᴇɴ
ee65aa89ca ci: add cross-compilation workflow for releases (#8121) 
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-31 09:40:32 -05:00
dependabot[bot]
a1a97de76f mod: bump modernc.org/sqlite from 1.38.2 to 1.39.0 (#8038) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-30 23:19:19 -05:00
Matthias Jobst
9963268267 docker: ignore proxy for healthcheck command (#7532) 
Co-authored-by: Joe Chen <jc@unknwon.io>
 2026-01-30 23:12:49 -05:00
dependabot[bot]
49a45290ae mod: bump gopkg.in/macaron.v1 from 1.5.0 to 1.5.1 (#8035) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: ᴊᴏᴇ ᴄʜᴇɴ <jc@unknwon.io>
 2026-01-30 23:10:14 -05:00
Yaroslav Halchenko
3cc8e7aa6d Fix typos throughout the codebase (#7514) 2026-01-30 23:03:05 -05:00
Rajat Jain
9f1499f3ab Support comparing tags in addition to branches (#6493) 
Co-authored-by: Joe Chen <jc@unknwon.io>
Co-authored-by: Claude <noreply@anthropic.com>
 2026-01-30 22:45:03 -05:00
Jeff Li
77dba1b5ea repo: fix 500 error on watchers and stargazers pages using MSSQL (#6386) 
Co-authored-by: Joe Chen <jc@unknwon.io>
Co-authored-by: Claude <noreply@anthropic.com>
 2026-01-30 22:24:43 -05:00
Georg Wicke-Arndt
f70f29fdb0 Show file name in browser tab title when viewing files (#5896) 2026-01-30 22:11:10 -05:00
Joe Chen
ed6109d35d chore: update AGENTS.md 
[skip ci]
 2026-01-30 22:01:02 -05:00
ᴊᴏᴇ ᴄʜᴇɴ
54e08ba678 docker: add image versions instructions 
[skip ci]
 2026-01-30 21:52:31 -05:00
Sino
87c8faaf08 Standardize HTTP status codes (#7851) 
Co-authored-by: Joe Chen <jc@unknwon.io>
 2026-01-30 09:27:59 -05:00
ᴊᴏᴇ ᴄʜᴇɴ
1b226ca48d repo: improve authz for resources (#8119) 
https://github.com/gogs/gogs/security/advisories/GHSA-jj5m-h57j-5gv7
 2026-01-29 20:56:09 -05:00
ᴊᴏᴇ ᴄʜᴇɴ
e3bb4165dc database: impersonate pure-Go SQLite driver as the old "sqlite3" (#8118) 2026-01-29 14:49:36 -05:00
pikomonde
df3d945a2c config: validate and print warnings for invalid options (#7705) 
Co-authored-by: Joe Chen <jc@unknwon.io>
 2026-01-28 11:36:03 -05:00
ᴊᴏᴇ ᴄʜᴇɴ
ae41bab5f2 repo: always list tree entries with verbatim (#8116) 
Co-authored-by: Ali <alicse3@gmail.com>
 2026-01-28 10:11:30 -05:00
ᴊᴏᴇ ᴄʜᴇɴ
2316b09eaf database: fully switch over to pure-Go SQLite driver (#8115) 2026-01-27 22:45:50 -05:00
Copilot
3477bbac0e Add ED25519 test coverage and refactor SSH key parsing tests (#8107) 
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: unknwon <2946214+unknwon@users.noreply.github.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-27 14:04:12 -05:00
ᴊᴏᴇ ᴄʜᴇɴ
bb3cab921b chore: update release template (#8110) 
[skip ci]
 2026-01-24 23:07:27 -05:00
Copilot
1cdeef2ce8 Replace tool.IsMaliciousPath with pathutil.Clean and move IsSameSite to urlutil (#8106) 2026-01-23 21:13:27 -05:00
104 changed files with 1102 additions and 684 deletions
Expand all files Collapse all files

35
.github/ISSUE_TEMPLATE/dev_release_minor_version.md vendored
View File

@@ -1,6 +1,7 @@
---
name: "Dev: Release a minor version"
about: ONLY USED BY MAINTAINERS.
assignees: "unknwon"
title: "Release [VERSION]"
labels: 📸 release
---
@@ -13,30 +14,26 @@ On the `main` branch:
- [ ] Close stale issues with the label [status: needs feedback](https://github.com/gogs/gogs/issues?q=is%3Aissue+is%3Aopen+label%3A%22status%3A+needs+feedback%22).
- [ ] [Sync locales from Crowdin](https://github.com/gogs/gogs/blob/main/docs/dev/import_locale.md).
- [ ] [Update CHANGELOG](https://github.com/gogs/gogs/commit/540134d4436d8da82247dd2cabe9312ca2f5b1f1) to include entries for the current minor release.
- [ ] Cut a new release branch `release/<MAJOR>.<MINOR>`, e.g. `release/0.12`.
- [ ] [Update CHANGELOG](https://github.com/gogs/gogs/commit/f1102a7a7c545ec221d2906f02fa19170d96f96d) to include entries for the current minor release.
- Do not forget adding entries for GHSA patches.
- [ ] Cut a new release branch `release/<MAJOR>.<MINOR>`, e.g. `release/0.14`.
## During release
On the release branch:
- [ ] [Update the hard-coded version](https://github.com/gogs/gogs/commit/f17e7d5a2c36c52a1121d2315f3d75dcd8053b89) to the current release, e.g. `0.12.0+dev` -> `0.12.0`.
- [ ] [Update the hard-coded version](https://github.com/gogs/gogs/commit/f17e7d5a2c36c52a1121d2315f3d75dcd8053b89) to the current release, e.g. `0.14.0+dev` -> `0.14.0`.
- [ ] Wait for GitHub Actions to complete and no failed jobs.
- [ ] Publish new RC releases (e.g. `v0.12.0-rc.1`, `v0.12.0-rc.2`) to ensure Docker workflow succeeds. **Make sure the tag is created on the release branch**.
- Pull down the Docker image and [run through application setup](https://github.com/gogs/gogs/blob/main/docker/README.md) to make sure nothing blows up.
- [ ] Publish a new [GitHub release](https://github.com/gogs/gogs/releases) with entries from [CHANGELOG](https://github.com/gogs/gogs/blob/main/CHANGELOG.md) for the current minor release. **Make sure the tag is created on the release branch**.
- [ ] Publish new RC releases (e.g. `v0.14.0-rc.1`, `v0.14.0-rc.2`) to ensure Docker and release workflows both succeed.
- ⚠️ **Make sure the tag is created on the release branch**.
- [ ] Pull down the Docker image and [run through application setup](https://github.com/gogs/gogs/blob/main/docker/README.md) to make sure nothing blows up.
- [ ] Download one of the release archives and run through application setup to make sure nothing blows up.
- [ ] Publish a new [GitHub release](https://github.com/gogs/gogs/releases) with entries from [CHANGELOG](https://github.com/gogs/gogs/blob/main/CHANGELOG.md) for the current minor release.
- ⚠️ **Make sure the tag is created on the release branch**.
- [ ] [Wait for a new image tag for the current release](https://github.com/gogs/gogs/actions/workflows/docker.yml?query=event%3Arelease) to be created automatically on both [Docker Hub](https://hub.docker.com/r/gogs/gogs/tags) and [GitHub Container registry](https://github.com/gogs/gogs/pkgs/container/gogs).
- [ ] [Push a new Docker image tag](https://github.com/gogs/gogs/blob/main/docs/dev/release/release_new_version.md#update-docker-image-tag) as `<MAJOR>.<MINOR>` to both [Docker Hub](https://hub.docker.com/r/gogs/gogs/tags) and [GitHub Container registry](https://github.com/gogs/gogs/pkgs/container/gogs), e.g.:
- [ ] [Compile and pack binaries](https://github.com/gogs/gogs/blob/main/docs/dev/release/release_new_version.md#compile-and-pack-binaries) (all prefixed with `gogs_<MAJOR>.<MINOR>.<PATCH>_`, e.g. `gogs_0.12.0_`):
- [ ] macOS: `darwin_amd64.zip`, `darwin_arm64.zip`
- [ ] Linux: `linux_386.tar.gz`, `linux_386.zip`, `linux_amd64.tar.gz`, `linux_amd64.zip`
- [ ] ARM: `linux_armv7.tar.gz`, `linux_armv7.zip`, `linux_armv8.tar.gz`, `linux_armv8.zip`
- [ ] Windows: `windows_amd64.zip`, `windows_amd64_mws.zip`
- [ ] [Generate SHA256 checksum](https://github.com/gogs/gogs/blob/main/docs/dev/release/sha256.sh) for all binaries to the file `checksum_sha256.txt`.
- [ ] Upload all binaries and `checksum_sha256.txt` to:
- [ ] GitHub release
- [ ] https://dl.gogs.io
- [ ] Update content of [Install from binary](https://gogs.io/docs/installation/install_from_binary).
- [ ] Download all release archives and [generate SHA256 checksum](https://github.com/gogs/gogs/blob/main/docs/dev/release/sha256.sh) for all binaries to the file `checksum_sha256.txt`.
- [ ] Upload all archives and `checksum_sha256.txt` to https://dl.gogs.io.
## After release
@@ -46,7 +43,7 @@ On the `main` branch:
- [ ] Update the repository mirror on [Gitee](https://gitee.com/unknwon/gogs).
- [ ] Create a new release announcement in [Discussions](https://github.com/gogs/gogs/discussions/categories/announcements).
- [ ] Send a tweet on the [official Twitter account](https://twitter.com/GogsHQ) for the minor release.
- [ ] Publish a new release article on [OSChina](http://my.oschina.net/Obahua/admin/releases).
- [ ] Close the minor milestone.
- [ ] [Bump the hard-coded version](https://github.com/gogs/gogs/commit/a98968436cd5841cf691bb0b80c54c81470d1676) to the new develop version, e.g. `0.12.0+dev` -> `0.13.0+dev`.
- [ ] Close the milestone for the minor release.
- [ ] [Bump the hard-coded version](https://github.com/gogs/gogs/commit/a98968436cd5841cf691bb0b80c54c81470d1676) to the new develop version, e.g. `0.14.0+dev` -> `0.15.0+dev`.
- [ ] Run `task legacy` to identify deprecated code that is aimed to be removed in current develop version.
- [ ] **After 14 days**, publish [GitHub security advisories](https://github.com/gogs/gogs/security) for security patches included in the release.

18
.github/ISSUE_TEMPLATE/dev_release_patch_version.md vendored
View File

@@ -1,6 +1,7 @@
---
name: "Dev: Release a patch version"
about: ONLY USED BY MAINTAINERS.
assignees: "unknwon"
title: "Release [VERSION]"
labels: 📸 release
---
@@ -13,7 +14,7 @@ On the release branch:
- [ ] Make sure all commits are cherry-picked from the `main` branch by checking the patch milestone.
- Run `task build` for every cherry-picked commit to make sure there is no compilation error.
- [ ] [Update CHANGELOG on the `main` branch](https://github.com/gogs/gogs/commit/e6c5633f580399c8f4dfc07166a63a01c6c70346) to include entries for the current patch release.
- [ ] [Update CHANGELOG on the `main` branch](https://github.com/gogs/gogs/commit/f1102a7a7c545ec221d2906f02fa19170d96f96d) to include entries for the current patch release.
## During release
@@ -24,6 +25,7 @@ On the release branch:
- [ ] Publish new RC releases in [GitHub release](https://github.com/gogs/gogs/releases) (e.g. `v0.12.0-rc.1`, `v0.12.0-rc.2`) to ensure Docker workflow succeeds.
- ⚠️ **Make sure the tag is created on the release branch**.
- Pull down the Docker image and [run through application setup](https://github.com/gogs/gogs/blob/main/docker/README.md) to make sure nothing blows up.
- [ ] Download one of the release archives and run through application setup to make sure nothing blows up.
- [ ] Publish a new [GitHub release](https://github.com/gogs/gogs/releases) with entries from [CHANGELOG](https://github.com/gogs/gogs/blob/main/CHANGELOG.md) for the current patch release and all previous releases with same minor version.
- ⚠️ **Make sure the tag is created on the release branch**.
- [ ] Update all previous GitHub releases with same minor version with the warning:
@@ -33,16 +35,8 @@ On the release branch:
- [ ] [Wait for a new image tag for the current release](https://github.com/gogs/gogs/actions/workflows/docker.yml?query=event%3Arelease) to be created automatically on both [Docker Hub](https://hub.docker.com/r/gogs/gogs/tags) and [GitHub Container registry](https://github.com/gogs/gogs/pkgs/container/gogs).
- Pull down the Docker image and [run through application setup](https://github.com/gogs/gogs/blob/main/docker/README.md) to make sure nothing blows up.
- [ ] [Update Docker image tag](https://www.notion.so/jcunknwon/Cheatsheet-and-playbooks-c3b053da42114411bd27285cd065b2a6?source=copy_link#1654f105c63f80958d96cd72e2f5df69) for the minor release `<MAJOR>.<MINOR>` on both [Docker Hub](https://hub.docker.com/r/gogs/gogs/tags) and [GitHub Container registry](https://github.com/gogs/gogs/pkgs/container/gogs).
- [ ] [Compile and pack binaries](https://www.notion.so/jcunknwon/Cheatsheet-and-playbooks-c3b053da42114411bd27285cd065b2a6?source=copy_link#1654f105c63f803f8bfcc117395d9747) (all prefixed with `gogs_<MAJOR>.<MINOR>.<PATCH>_`, e.g. `gogs_0.12.0_`):
- [ ] macOS: `darwin_arm64.zip`, `darwin_amd64.zip`
- [ ] Linux: `linux_amd64.tar.gz`, `linux_amd64.zip`
- [ ] ARM: `linux_armv8.tar.gz`, `linux_armv8.zip`
- [ ] Windows: `windows_amd64.zip`, `windows_amd64_mws.zip`
- [ ] [Generate SHA256 checksum](https://www.notion.so/jcunknwon/Cheatsheet-and-playbooks-c3b053da42114411bd27285cd065b2a6?source=copy_link#1654f105c63f80d4a74ad8821a403f52) for all binaries to the file `checksum_sha256.txt`.
- [ ] Upload all binaries and `checksum_sha256.txt` to:
- [ ] GitHub release
- [ ] https://dl.gogs.io
- [ ] Update content of [Install from binary](https://gogs.io/docs/installation/install_from_binary).
- [ ] Download all release archives and [generate SHA256 checksum](https://github.com/gogs/gogs/blob/main/docs/dev/release/sha256.sh) for all binaries to the file `checksum_sha256.txt`.
- [ ] Upload all archives and `checksum_sha256.txt` to https://dl.gogs.io.
## After release
@@ -54,5 +48,5 @@ On the `main` branch:
```
- [ ] Create a new release announcement in [Discussions](https://github.com/gogs/gogs/discussions/categories/announcements).
- [ ] Send a tweet on the [official Twitter account](https://twitter.com/GogsHQ) for the patch release.
- [ ] Close the patch milestone.
- [ ] Close the milestone for the patch release.
- [ ] **After 14 days**, publish [GitHub security advisories](https://github.com/gogs/gogs/security) for security patches included in the release.

16
.github/workflows/digitalocean_gc.yml vendored
View File

@@ -19,18 +19,8 @@ jobs:
# --include-untagged-manifests: Deletes unreferenced manifests to maximize space
doctl registry garbage-collection start --force --include-untagged-manifests
- name: Send email on failure
uses: dawidd6/action-send-mail@2cea9617b09d79a095af21254fbcb7ae95903dde # v3.12.0
uses: unknwon/send-email-on-failure@89339a1bc93f4ad1d30f3b7e4911fcba985c9adb # v1
if: ${{ failure() }}
with:
server_address: smtp.mailgun.org
server_port: 465
username: ${{ secrets.SMTP_USERNAME }}
password: ${{ secrets.SMTP_PASSWORD }}
subject: GitHub Actions (${{ github.repository }}) job result
to: github-actions-8ce6454@unknwon.io
from: GitHub Actions (${{ github.repository }})
reply_to: noreply@unknwon.io
body: |
The job "${{ github.job }}" of ${{ github.server_url }}/${{ github.repository }}/commit/${{ github.sha }} completed with "${{ job.status }}".
View the job run at: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
smtp_username: ${{ secrets.SMTP_USERNAME }}
smtp_password: ${{ secrets.SMTP_PASSWORD }}

130
.github/workflows/docker.yml vendored
View File

@@ -68,21 +68,11 @@ jobs:
image-ref: gogs/gogs:latest
exit-code: '1'
- name: Send email on failure
uses: dawidd6/action-send-mail@2cea9617b09d79a095af21254fbcb7ae95903dde # v3.12.0
uses: unknwon/send-email-on-failure@89339a1bc93f4ad1d30f3b7e4911fcba985c9adb # v1
if: ${{ failure() }}
with:
server_address: smtp.mailgun.org
server_port: 465
username: ${{ secrets.SMTP_USERNAME }}
password: ${{ secrets.SMTP_PASSWORD }}
subject: GitHub Actions (${{ github.repository }}) job result
to: github-actions-8ce6454@unknwon.io
from: GitHub Actions (${{ github.repository }})
reply_to: noreply@unknwon.io
body: |
The job "${{ github.job }}" of ${{ github.server_url }}/${{ github.repository }}/commit/${{ github.sha }} completed with "${{ job.status }}".
View the job run at: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
smtp_username: ${{ secrets.SMTP_USERNAME }}
smtp_password: ${{ secrets.SMTP_PASSWORD }}
buildx-next:
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' && github.repository == 'gogs/gogs' }}
@@ -145,21 +135,11 @@ jobs:
image-ref: gogs/gogs:next-latest
exit-code: '1'
- name: Send email on failure
uses: dawidd6/action-send-mail@2cea9617b09d79a095af21254fbcb7ae95903dde # v3.12.0
uses: unknwon/send-email-on-failure@89339a1bc93f4ad1d30f3b7e4911fcba985c9adb # v1
if: ${{ failure() }}
with:
server_address: smtp.mailgun.org
server_port: 465
username: ${{ secrets.SMTP_USERNAME }}
password: ${{ secrets.SMTP_PASSWORD }}
subject: GitHub Actions (${{ github.repository }}) job result
to: github-actions-8ce6454@unknwon.io
from: GitHub Actions (${{ github.repository }})
reply_to: noreply@unknwon.io
body: |
The job "${{ github.job }}" of ${{ github.server_url }}/${{ github.repository }}/commit/${{ github.sha }} completed with "${{ job.status }}".
View the job run at: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
smtp_username: ${{ secrets.SMTP_USERNAME }}
smtp_password: ${{ secrets.SMTP_PASSWORD }}
deploy-demo:
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' && github.repository == 'gogs/gogs' }}
@@ -181,21 +161,11 @@ jobs:
kubectl rollout restart deployment gogs-demo -n gogs
kubectl rollout status deployment gogs-demo -n gogs
- name: Send email on failure
uses: dawidd6/action-send-mail@2cea9617b09d79a095af21254fbcb7ae95903dde # v3.12.0
uses: unknwon/send-email-on-failure@89339a1bc93f4ad1d30f3b7e4911fcba985c9adb # v1
if: ${{ failure() }}
with:
server_address: smtp.mailgun.org
server_port: 465
username: ${{ secrets.SMTP_USERNAME }}
password: ${{ secrets.SMTP_PASSWORD }}
subject: GitHub Actions (${{ github.repository }}) job result
to: github-actions-8ce6454@unknwon.io
from: GitHub Actions (${{ github.repository }})
reply_to: noreply@unknwon.io
body: |
The job "${{ github.job }}" of ${{ github.server_url }}/${{ github.repository }}/commit/${{ github.sha }} completed with "${{ job.status }}".
View the job run at: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
smtp_username: ${{ secrets.SMTP_USERNAME }}
smtp_password: ${{ secrets.SMTP_PASSWORD }}
buildx-pull-request:
if: ${{ github.event_name == 'pull_request'}}
@@ -285,8 +255,25 @@ jobs:
contents: read
packages: write
steps:
- name: Compute image tag name
run: echo "IMAGE_TAG=$(echo $GITHUB_REF_NAME | cut -c 2-)" >> $GITHUB_ENV
- name: Compute image tags
run: |
IMAGE_TAG=$(echo $GITHUB_REF_NAME | cut -c 2-)
echo "IMAGE_TAG=$IMAGE_TAG" >> $GITHUB_ENV
TAGS="gogs/gogs:$IMAGE_TAG
ghcr.io/gogs/gogs:$IMAGE_TAG"
# Add minor version tag for stable releases (no prerelease suffix per semver).
if [[ ! "$IMAGE_TAG" =~ - ]]; then
MINOR_TAG=$(echo "$IMAGE_TAG" | cut -d. -f1,2)
TAGS="$TAGS
gogs/gogs:$MINOR_TAG
ghcr.io/gogs/gogs:$MINOR_TAG"
fi
echo "TAGS<<EOF" >> $GITHUB_ENV
echo "$TAGS" >> $GITHUB_ENV
echo "EOF" >> $GITHUB_ENV
- name: Checkout code
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
- name: Set up QEMU
@@ -320,25 +307,13 @@ jobs:
context: .
platforms: linux/amd64,linux/arm64,linux/arm/v7
push: true
tags: |
gogs/gogs:${{ env.IMAGE_TAG }}
ghcr.io/gogs/gogs:${{ env.IMAGE_TAG }}
tags: ${{ env.TAGS }}
- name: Send email on failure
uses: dawidd6/action-send-mail@2cea9617b09d79a095af21254fbcb7ae95903dde # v3.12.0
uses: unknwon/send-email-on-failure@89339a1bc93f4ad1d30f3b7e4911fcba985c9adb # v1
if: ${{ failure() }}
with:
server_address: smtp.mailgun.org
server_port: 465
username: ${{ secrets.SMTP_USERNAME }}
password: ${{ secrets.SMTP_PASSWORD }}
subject: GitHub Actions (${{ github.repository }}) job result
to: github-actions-8ce6454@unknwon.io
from: GitHub Actions (${{ github.repository }})
reply_to: noreply@unknwon.io
body: |
The job "${{ github.job }}" of ${{ github.server_url }}/${{ github.repository }}/commit/${{ github.sha }} completed with "${{ job.status }}".
View the job run at: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
smtp_username: ${{ secrets.SMTP_USERNAME }}
smtp_password: ${{ secrets.SMTP_PASSWORD }}
# Updates to the following section needs to be synced to all release branches within their lifecycles.
buildx-next-release:
@@ -349,8 +324,25 @@ jobs:
contents: read
packages: write
steps:
- name: Compute image tag name
run: echo "IMAGE_TAG=$(echo $GITHUB_REF_NAME | cut -c 2-)" >> $GITHUB_ENV
- name: Compute image tags
run: |
IMAGE_TAG=$(echo $GITHUB_REF_NAME | cut -c 2-)
echo "IMAGE_TAG=$IMAGE_TAG" >> $GITHUB_ENV
TAGS="gogs/gogs:next-$IMAGE_TAG
ghcr.io/gogs/gogs:next-$IMAGE_TAG"
# Add minor version tag for stable releases (no prerelease suffix per semver).
if [[ ! "$IMAGE_TAG" =~ - ]]; then
MINOR_TAG=$(echo "$IMAGE_TAG" | cut -d. -f1,2)
TAGS="$TAGS
gogs/gogs:next-$MINOR_TAG
ghcr.io/gogs/gogs:next-$MINOR_TAG"
fi
echo "TAGS<<EOF" >> $GITHUB_ENV
echo "$TAGS" >> $GITHUB_ENV
echo "EOF" >> $GITHUB_ENV
- name: Checkout code
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
- name: Set up QEMU
@@ -385,25 +377,13 @@ jobs:
file: Dockerfile.next
platforms: linux/amd64,linux/arm64,linux/arm/v7
push: true
tags: |
gogs/gogs:next-${{ env.IMAGE_TAG }}
ghcr.io/gogs/gogs:next-${{ env.IMAGE_TAG }}
tags: ${{ env.TAGS }}
- name: Send email on failure
uses: dawidd6/action-send-mail@2cea9617b09d79a095af21254fbcb7ae95903dde # v3.12.0
uses: unknwon/send-email-on-failure@89339a1bc93f4ad1d30f3b7e4911fcba985c9adb # v1
if: ${{ failure() }}
with:
server_address: smtp.mailgun.org
server_port: 465
username: ${{ secrets.SMTP_USERNAME }}
password: ${{ secrets.SMTP_PASSWORD }}
subject: GitHub Actions (${{ github.repository }}) job result
to: github-actions-8ce6454@unknwon.io
from: GitHub Actions (${{ github.repository }})
reply_to: noreply@unknwon.io
body: |
The job "${{ github.job }}" of ${{ github.server_url }}/${{ github.repository }}/commit/${{ github.sha }} completed with "${{ job.status }}".
View the job run at: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
smtp_username: ${{ secrets.SMTP_USERNAME }}
smtp_password: ${{ secrets.SMTP_PASSWORD }}
digitalocean-gc:
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' && github.repository == 'gogs/gogs' }}

51
.github/workflows/go.yml vendored
View File

@@ -79,21 +79,11 @@ jobs:
file: ./coverage
flags: unittests
- name: Send email on failure
uses: dawidd6/action-send-mail@2cea9617b09d79a095af21254fbcb7ae95903dde # v3.12.0
uses: unknwon/send-email-on-failure@89339a1bc93f4ad1d30f3b7e4911fcba985c9adb # v1
if: ${{ failure() && github.event_name == 'push' && github.ref == 'refs/heads/main' }}
with:
server_address: smtp.mailgun.org
server_port: 465
username: ${{ secrets.SMTP_USERNAME }}
password: ${{ secrets.SMTP_PASSWORD }}
subject: GitHub Actions (${{ github.repository }}) job result
to: github-actions-8ce6454@unknwon.io
from: GitHub Actions (${{ github.repository }})
reply_to: noreply@unknwon.io
body: |
The job "${{ github.job }}" of ${{ github.server_url }}/${{ github.repository }}/commit/${{ github.sha }} completed with "${{ job.status }}".
View the job run at: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
smtp_username: ${{ secrets.SMTP_USERNAME }}
smtp_password: ${{ secrets.SMTP_PASSWORD }}
# Running tests with race detection consumes too much memory on Windows,
# see https://github.com/golang/go/issues/46099 for details.
@@ -119,21 +109,11 @@ jobs:
file: ./coverage
flags: unittests
- name: Send email on failure
uses: dawidd6/action-send-mail@2cea9617b09d79a095af21254fbcb7ae95903dde # v3.12.0
uses: unknwon/send-email-on-failure@89339a1bc93f4ad1d30f3b7e4911fcba985c9adb # v1
if: ${{ failure() && github.event_name == 'push' && github.ref == 'refs/heads/main' }}
with:
server_address: smtp.mailgun.org
server_port: 465
username: ${{ secrets.SMTP_USERNAME }}
password: ${{ secrets.SMTP_PASSWORD }}
subject: GitHub Actions (${{ github.repository }}) job result
to: github-actions-8ce6454@unknwon.io
from: GitHub Actions (${{ github.repository }})
reply_to: noreply@unknwon.io
body: |
The job "${{ github.job }}" of ${{ github.server_url }}/${{ github.repository }}/commit/${{ github.sha }} completed with "${{ job.status }}".
View the job run at: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
smtp_username: ${{ secrets.SMTP_USERNAME }}
smtp_password: ${{ secrets.SMTP_PASSWORD }}
postgres:
name: Postgres
@@ -195,22 +175,3 @@ jobs:
MYSQL_PASSWORD: root
MYSQL_HOST: localhost
MYSQL_PORT: 3306
sqlite-go:
name: SQLite - Go
strategy:
matrix:
go-version: [ 1.25.x ]
platform: [ ubuntu-latest ]
runs-on: ${{ matrix.platform }}
steps:
- name: Checkout code
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
- name: Install Go
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
with:
go-version: ${{ matrix.go-version }}
- name: Run tests with coverage
run: go test -shuffle=on -v -race -parallel=1 -coverprofile=coverage -covermode=atomic ./internal/database/...
env:
GOGS_DATABASE_TYPE: sqlite

146
.github/workflows/release.yml vendored Normal file
View File

@@ -0,0 +1,146 @@
name: Release
on:
release:
types: [published]
push:
branches:
- main
pull_request:
paths:
- '.github/workflows/release.yml'
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
env:
GOPROXY: "https://proxy.golang.org"
permissions:
contents: write
jobs:
build:
name: Build ${{ matrix.goos }}/${{ matrix.goarch }}${{ matrix.suffix }}
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
include:
- {goos: linux, goarch: amd64}
- {goos: linux, goarch: arm64}
- {goos: linux, goarch: "386"}
- {goos: darwin, goarch: amd64}
- {goos: darwin, goarch: arm64}
- {goos: windows, goarch: amd64}
- {goos: windows, goarch: arm64}
- {goos: windows, goarch: "386"}
- {goos: windows, goarch: amd64, suffix: "_mws", tags: minwinsvc}
- {goos: windows, goarch: arm64, suffix: "_mws", tags: minwinsvc}
- {goos: windows, goarch: "386", suffix: "_mws", tags: minwinsvc}
steps:
- name: Checkout code
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
- name: Setup Go
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
with:
go-version: 1.25.x
- name: Determine version
id: version
run: |
if [ "${{ github.event_name }}" = "release" ]; then
echo "version=${{ github.event.release.tag_name }}" >> "$GITHUB_OUTPUT"
echo "release_tag=${{ github.event.release.tag_name }}" >> "$GITHUB_OUTPUT"
elif [ "${{ github.event_name }}" = "push" ] && [ "${{ github.ref }}" = "refs/heads/main" ]; then
echo "version=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"
echo "release_tag=latest-commit-build" >> "$GITHUB_OUTPUT"
else
echo "version=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"
echo "release_tag=release-archive-testing" >> "$GITHUB_OUTPUT"
fi
- name: Build binary
env:
GOOS: ${{ matrix.goos }}
GOARCH: ${{ matrix.goarch }}
CGO_ENABLED: "0"
run: |
BINARY_NAME="gogs"
if [ "${{ matrix.goos }}" = "windows" ]; then
BINARY_NAME="gogs.exe"
fi
TAGS_FLAG=""
if [ -n "${{ matrix.tags }}" ]; then
TAGS_FLAG="-tags ${{ matrix.tags }}"
fi
go build -v \
-ldflags "
-X \"gogs.io/gogs/internal/conf.BuildTime=$(date -u '+%Y-%m-%d %I:%M:%S %Z')\"
-X \"gogs.io/gogs/internal/conf.BuildCommit=$(git rev-parse HEAD)\"
" \
$TAGS_FLAG \
-trimpath -o "$BINARY_NAME"
- name: Prepare archive contents
run: |
mkdir -p dist/gogs
BINARY_NAME="gogs"
if [ "${{ matrix.goos }}" = "windows" ]; then
BINARY_NAME="gogs.exe"
fi
cp "$BINARY_NAME" dist/gogs/
cp LICENSE README.md README_ZH.md dist/gogs/
cp -r scripts dist/gogs/
- name: Create archives
working-directory: dist
run: |
VERSION="${{ steps.version.outputs.version }}"
ARCHIVE_BASE="gogs_${VERSION}_${{ matrix.goos }}_${{ matrix.goarch }}${{ matrix.suffix }}"
zip -r "${ARCHIVE_BASE}.zip" gogs
if [ "${{ matrix.goos }}" = "linux" ]; then
tar -czvf "${ARCHIVE_BASE}.tar.gz" gogs
fi
- name: Upload to release
env:
GH_TOKEN: ${{ github.token }}
run: |
RELEASE_TAG="${{ steps.version.outputs.release_tag }}"
if [ "${{ github.event_name }}" != "release" ]; then
git tag -f "$RELEASE_TAG"
git push origin "$RELEASE_TAG" --force || true
RELEASE_TITLE="Release Archive Testing"
RELEASE_NOTES="Automated testing release for workflow development."
if [ "$RELEASE_TAG" = "latest-commit-build" ]; then
RELEASE_TITLE="Latest Commit Build"
RELEASE_NOTES="Automated build from the latest commit on main branch. This release is updated automatically with every push to main."
fi
gh release view "$RELEASE_TAG" || gh release create "$RELEASE_TAG" --title "$RELEASE_TITLE" --notes "$RELEASE_NOTES" --prerelease
fi
PATTERN="_${{ matrix.goos }}_${{ matrix.goarch }}${{ matrix.suffix }}\."
gh release view "$RELEASE_TAG" --json assets --jq ".assets[].name" | grep "$PATTERN" | while read -r asset; do
gh release delete-asset "$RELEASE_TAG" "$asset" --yes || true
done
gh release upload "$RELEASE_TAG" dist/gogs_*.zip --clobber
if [ "${{ matrix.goos }}" = "linux" ]; then
gh release upload "$RELEASE_TAG" dist/gogs_*.tar.gz --clobber
fi
notify-failure:
name: Notify on failure
runs-on: ubuntu-latest
needs: [build]
if: ${{ failure() && github.event_name == 'push' && github.ref == 'refs/heads/main' }}
steps:
- name: Send email on failure
uses: unknwon/send-email-on-failure@89339a1bc93f4ad1d30f3b7e4911fcba985c9adb # v1
with:
smtp_username: ${{ secrets.SMTP_USERNAME }}
smtp_password: ${{ secrets.SMTP_PASSWORD }}

24
.gitignore vendored
View File

@@ -1,18 +1,16 @@
.DS_Store
*.db
*.log
# Build artifacts
.bin/
dist/
# Runtime data
log/
custom/
data/
# Configuration and application files
.idea/
*.iml
public/img/avatar/
*.exe
*.exe~
/gogs
profile/
*.pem
output*
/release
.task
.task/
.envrc
# System junk
.DS_Store

14
AGENTS.md
View File

@@ -1,6 +1,7 @@
## Core principles
- When you see changes made outside your knowledge, use the current version as your new starting point. Do not blindly overwrite those changes or you suck. Even if you have to update the code, always respect the god damn pattern in the surrounding context!
- Stop telling me "You're right", it just shows how incompetent you are. Do it right on your first try, fact-check and review after changes. If you are not sure, ask for help.
- When you see changes made outside your knowledge, use the current version as your new starting point. Do not blindly overwrite those changes or you suck. Even if you have to update the code, always respect the pattern in the surrounding context!
## Style and mechanics
@@ -15,6 +16,17 @@ This applies to all texts, including but not limited to UI, documentation, code
- Use `github.com/cockroachdb/errors` for error handling.
- Use `github.com/stretchr/testify` for assertions in tests. Be mindful about the choice of `require` and `assert`, the former should be used when the test cannot proceed meaningfully after a failed assertion.
## Build instructions
- Prefer `task` command over vanilla `go` command when available. Use `--force` flag when necessary.
- Run `task lint` after every time you finish changing code, and fix all linter errors.
## Tool-use guidance
- Use `gh` CLI to access information on github.com that is not publicly available.
## Source code control
- When pushing changes to a pull request from a fork, use SSH address and do not add remote.
- Never automatically executes commands that touches Git history even if the session does not require approvals, including but not limited to `rebase`, `commit`, `push`, `pull`, `reset`, `amend`. Exceptions are only allowed case-by-case.
- Do not amend commits unless being explicitly asked to do so.

20
CHANGELOG.md
View File

@@ -2,26 +2,42 @@
All notable changes to Gogs are documented in this file.
## 0.14.0+dev (`main`)
## 0.15.0+dev (`main`)
### Fixed
- Git clone via the built-in SSH server hangs. [#8132](https://github.com/gogs/gogs/issues/8132)
## 0.14.0
### Added
- Support comparing tags in addition to branches. [#6141](https://github.com/gogs/gogs/issues/6141)
- Show file name in browser tab title when viewing files. [#5896](https://github.com/gogs/gogs/pull/5896)
- Support using TLS for Redis session provider using `[session] PROVIDER_CONFIG = ...,tls=true`. [#7860](https://github.com/gogs/gogs/pull/7860)
- Support expanading values in `app.ini` from environment variables, e.g. `[database] PASSWORD = ${DATABASE_PASSWORD}`. [#8057](https://github.com/gogs/gogs/pull/8057)
- Support custom logout URL that users get redirected to after sign out using `[auth] CUSTOM_LOGOUT_URL`. [#8089](https://github.com/gogs/gogs/pull/8089)
- Start publishing next-generation, security-focused Docker image via `gogs/gogs:next-latest`, which will become the default image distribution (`gogs/gogs:latest`) starting 0.15.0. While not all container options support have been added in the next-generation image, the use of current legacy Docker image is deprecated, it will be published as `gogs/gogs:legacy-latest` starting 0.15.0, and be completely removed starting 0.16.0. [#8061](https://github.com/gogs/gogs/pull/8061)
- Start publishing next-generation, security-focused Docker image via `gogs/gogs:next-latest`, which will become the default image distribution (`gogs/gogs:latest`) starting 0.16.0. While not all container options support have been added in the next-generation image, the use of current legacy Docker image is deprecated, it will be published as `gogs/gogs:legacy-latest` starting 0.16.0, and be completely removed no earlier than 0.17.0. [#8061](https://github.com/gogs/gogs/pull/8061)
### Changed
- The required Go version to compile source code changed to 1.25.
- The build tag `cert` has been removed, and the `gogs cert` subcommand is now always available. [#7883](https://github.com/gogs/gogs/pull/7883)
- Switched to pure-Go SQLite driver, CGO is no longer required to compile Gogs. [#7882](https://github.com/gogs/gogs/issues/7882)
- Updated Mermaid JS to 11.9.0. [#8009](https://github.com/gogs/gogs/pull/8009)
- Halt the repository creation and leave the directory untouched if the repository root already exists. [#8091](https://github.com/gogs/gogs/pull/8091)
### Fixed
- _Security:_ Unauthenticated file upload. [#8128](https://github.com/gogs/gogs/pull/8128) - [GHSA-fc3h-92p8-h36f](https://github.com/gogs/gogs/security/advisories/GHSA-fc3h-92p8-h36f)
- _Security:_ Protected branch bypass in web UI. [#8124](https://github.com/gogs/gogs/pull/8124) - [GHSA-2c6v-8r3v-gh6p](https://github.com/gogs/gogs/security/advisories/GHSA-2c6v-8r3v-gh6p)
- _Security:_ Authorization bypass allows cross-repository label modification. [#8123](https://github.com/gogs/gogs/pull/8123) - [GHSA-cv22-72px-f4gh](https://github.com/gogs/gogs/security/advisories/GHSA-cv22-72px-f4gh)
- _Security:_ Cross-repository comment deletion. [#8119](https://github.com/gogs/gogs/pull/8119) - [GHSA-jj5m-h57j-5gv7](https://github.com/gogs/gogs/security/advisories/GHSA-jj5m-h57j-5gv7)
- 500 error on repository watchers and stargazers pages when using MSSQL. [#5482](https://github.com/gogs/gogs/issues/5482)
- Submodules using `ssh://` protocol and a port number are not rendered correctly. [#4941](https://github.com/gogs/gogs/issues/4941)
- Missing link to user profile on the first commit in commits history page. [#7404](https://github.com/gogs/gogs/issues/7404)
- Unable to delete or display files with special characters in their names. [#7596](https://github.com/gogs/gogs/issues/7596)
- Docker healthcheck fails when `HTTP_PROXY` or `HTTPS_PROXY` environment variables are set. [#7529](https://github.com/gogs/gogs/issues/7529)
## 0.13.4

1
CLAUDE.md Symbolic link
View File

@@ -0,0 +1 @@
AGENTS.md

6
Dockerfile
View File

@@ -25,20 +25,20 @@ RUN apk --no-cache --no-progress add \
tzdata \
rsync
ENV GOGS_CUSTOM /data/gogs
ENV GOGS_CUSTOM=/data/gogs
# Configure LibC Name Service
COPY docker/nsswitch.conf /etc/nsswitch.conf
WORKDIR /app/gogs
COPY docker ./docker
COPY --from=binarybuilder /gogs.io/gogs/gogs .
COPY --from=binarybuilder /gogs.io/gogs/.bin/gogs .
RUN ./docker/build/finalize.sh
# Configure Docker Container
VOLUME ["/data", "/backup"]
EXPOSE 22 3000
HEALTHCHECK CMD (curl -o /dev/null -sS http://localhost:3000/healthcheck) || exit 1
HEALTHCHECK CMD (curl --noproxy localhost -o /dev/null -sS http://localhost:3000/healthcheck) || exit 1
ENTRYPOINT ["/app/gogs/docker/start.sh"]
CMD ["/usr/bin/s6-svscan", "/app/gogs/docker/s6/"]

4
Dockerfile.next
View File

@@ -31,7 +31,7 @@ RUN apk --no-cache --no-progress add \
ENV GOGS_CUSTOM=/data/gogs
WORKDIR /app/gogs
COPY --from=binarybuilder /gogs.io/gogs/gogs .
COPY --from=binarybuilder /gogs.io/gogs/.bin/gogs .
COPY docker-next/start.sh .
RUN chmod +x start.sh && \
mkdir -p /data && \
@@ -41,7 +41,7 @@ RUN chmod +x start.sh && \
# Configure Docker Container
VOLUME ["/data", "/backup"]
EXPOSE 22 3000
HEALTHCHECK CMD (curl -o /dev/null -sS http://localhost:3000/healthcheck) || exit 1
HEALTHCHECK CMD (curl --noproxy localhost -o /dev/null -sS http://localhost:3000/healthcheck) || exit 1
# Run as non-root user by default for better K8s security context support.
USER git:git

1
SECURITY.md
View File

@@ -14,6 +14,7 @@ Existing vulnerability reports are being tracked in [GitHub Security Advisories]
1. Report an advisory for the vulnerability.
- Please be aware that **only advisories reported in plain English** will be reviewed.
- We DO NOT accept vulnerabilities cannot be reproduced on the latest `main` commit.
1. Project maintainers review the advisory:
- Ask clarifying questions
- Make sure there was no prior advisory exists for the same vulnerability

23
Taskfile.yml
View File

@@ -10,8 +10,10 @@ tasks:
web:
desc: Build the binary and start the web server
deps: [build]
env:
GOGS_WORK_DIR: '{{.ROOT_DIR}}'
cmds:
- ./gogs web
- .bin/gogs web
build:
desc: Build the binary
@@ -22,7 +24,7 @@ tasks:
-X "{{.PKG_PATH}}.BuildCommit={{.BUILD_COMMIT}}"
'
-tags '{{.TAGS}}'
-trimpath -o gogs{{.BINARY_EXT}}
-trimpath -o .bin/gogs{{.BINARY_EXT}}
vars:
PKG_PATH: gogs.io/gogs/internal/conf
BUILD_TIME:
@@ -59,18 +61,6 @@ tasks:
cmds:
- find . -name "*.DS_Store" -type f -delete
release:
desc: Build the binary and pack resources to a ZIP file
deps: [build]
cmds:
- rm -rf {{.RELEASE_GOGS}}
- mkdir -p {{.RELEASE_GOGS}}
- cp -r gogs{{.BINARY_EXT}} LICENSE README.md README_ZH.md scripts {{.RELEASE_GOGS}}
- cd {{.RELEASE_ROOT}} && zip -r gogs.zip "gogs"
vars:
RELEASE_ROOT: release
RELEASE_GOGS: release/gogs
less:
desc: Generate CSS from LESS files
cmds:
@@ -99,3 +89,8 @@ tasks:
dropdb "$dbname"
echo "dropped $dbname"
done
lint:
desc: Run all linters
cmds:
- golangci-lint run

3
conf/locale/locale_bg-BG.ini
View File

@@ -494,6 +494,8 @@ branches.stale_branches=Застинали клонове
branches.all=Всички клонове
branches.updated_by=Актуализирани %[1]s от %[2]s
branches.change_default_branch=Промяна на клон по подразбиране
branches.default_deletion_not_allowed=Cannot delete the default branch.
branches.protected_deletion_not_allowed=Cannot delete a protected branch.
editor.new_file=Нов файл
editor.upload_file=Качи файл
@@ -1274,6 +1276,7 @@ config.email.test_mail_failed=Failed to send test email to '%s': %v
config.email.test_mail_sent=Test email has been sent to '%s'.
config.auth_config=Authentication configuration
config.auth_custom_logout_url=Custom logout URL
config.auth.activate_code_lives=Activate code lives
config.auth.reset_password_code_lives=Reset password code lives
config.auth.require_email_confirm=Require email confirmation

3
conf/locale/locale_cs-CZ.ini
View File

@@ -494,6 +494,8 @@ branches.stale_branches=Zastaralé větve
branches.all=Všechny větve
branches.updated_by=%[2]s změnil %[1]s
branches.change_default_branch=Změnit výchozí větev
branches.default_deletion_not_allowed=Cannot delete the default branch.
branches.protected_deletion_not_allowed=Cannot delete a protected branch.
editor.new_file=Nový soubor
editor.upload_file=Nahrát soubor
@@ -1274,6 +1276,7 @@ config.email.test_mail_failed=Failed to send test email to '%s': %v
config.email.test_mail_sent=Test email has been sent to '%s'.
config.auth_config=Authentication configuration
config.auth_custom_logout_url=Custom logout URL
config.auth.activate_code_lives=Activate code lives
config.auth.reset_password_code_lives=Reset password code lives
config.auth.require_email_confirm=Require email confirmation

3
conf/locale/locale_de-DE.ini
View File

@@ -494,6 +494,8 @@ branches.stale_branches=Alte Branches
branches.all=Alle Branches
branches.updated_by=Aktualisiert %[1]s von %[2]s
branches.change_default_branch=Ändere Standard-Branch
branches.default_deletion_not_allowed=Cannot delete the default branch.
branches.protected_deletion_not_allowed=Cannot delete a protected branch.
editor.new_file=Neue Datei
editor.upload_file=Datei hochladen
@@ -1274,6 +1276,7 @@ config.email.test_mail_failed=Fehler beim Senden der Test-E-Mail an '%s': %v
config.email.test_mail_sent=Test-E-Mail wurde an '%s ' gesendet.
config.auth_config=Authentifizierungskonfiguration
config.auth_custom_logout_url=Custom logout URL
config.auth.activate_code_lives=Aktivierungscode Lebensdauer
config.auth.reset_password_code_lives=Gültigkeitsdauer Zurücksetzungs-Code
config.auth.require_email_confirm=E-Mail-Bestätigung erforderlich

3
conf/locale/locale_en-GB.ini
View File

@@ -501,6 +501,8 @@ branches.stale_branches=Stale Branches
branches.all=All Branches
branches.updated_by=Updated %[1]s by %[2]s
branches.change_default_branch=Change Default Branch
branches.default_deletion_not_allowed=Cannot delete the default branch.
branches.protected_deletion_not_allowed=Cannot delete a protected branch.
editor.new_file=New file
editor.upload_file=Upload file
@@ -1346,6 +1348,7 @@ config.email.test_mail_sent=Test email has been sent to '%s'.
config.auth_config=Authentication configuration
config.auth_custom_logout_url=Custom logout URL
config.auth.activate_code_lives=Activate code lives
config.auth.reset_password_code_lives=Reset password code lives

2
conf/locale/locale_en-US.ini
View File

@@ -494,6 +494,8 @@ branches.stale_branches = Stale Branches
branches.all = All Branches
branches.updated_by = Updated %[1]s by %[2]s
branches.change_default_branch = Change Default Branch
branches.default_deletion_not_allowed = Cannot delete the default branch.
branches.protected_deletion_not_allowed = Cannot delete a protected branch.
editor.new_file = New file
editor.upload_file = Upload file

3
conf/locale/locale_es-ES.ini
View File

@@ -494,6 +494,8 @@ branches.stale_branches=Ramas Viejas
branches.all=Todas las Ramas
branches.updated_by=%[1]s actualizado por %[2]s
branches.change_default_branch=Cambiar la Rama por Defecto
branches.default_deletion_not_allowed=Cannot delete the default branch.
branches.protected_deletion_not_allowed=Cannot delete a protected branch.
editor.new_file=Nuevo archivo
editor.upload_file=Subir archivo
@@ -1274,6 +1276,7 @@ config.email.test_mail_failed=Error al enviar correo electrónico de prueba a '%
config.email.test_mail_sent=Test email has been sent to '%s'.
config.auth_config=Authentication configuration
config.auth_custom_logout_url=Custom logout URL
config.auth.activate_code_lives=Activate code lives
config.auth.reset_password_code_lives=Reset password code lives
config.auth.require_email_confirm=Require email confirmation

3
conf/locale/locale_fa-IR.ini
View File

@@ -496,6 +496,8 @@ branches.stale_branches=شاخه های قدیمی
branches.all=همه شاخه
branches.updated_by=%[1]s به روزشده توسط %[2]s
branches.change_default_branch=تغییر شاخه ی پیش فرض
branches.default_deletion_not_allowed=Cannot delete the default branch.
branches.protected_deletion_not_allowed=Cannot delete a protected branch.
editor.new_file=پرونده جدید
editor.upload_file=بارگذاری پرونده
@@ -1276,6 +1278,7 @@ config.email.test_mail_failed=Failed to send test email to '%s': %v
config.email.test_mail_sent=Test email has been sent to '%s'.
config.auth_config=Authentication configuration
config.auth_custom_logout_url=Custom logout URL
config.auth.activate_code_lives=Activate code lives
config.auth.reset_password_code_lives=Reset password code lives
config.auth.require_email_confirm=Require email confirmation

3
conf/locale/locale_fi-FI.ini
View File

@@ -494,6 +494,8 @@ branches.stale_branches=Passivoituneet haarat
branches.all=Kaikki haarat
branches.updated_by=Päivitetty %[1]s %[2]s
branches.change_default_branch=Muuta oletushaaraa
branches.default_deletion_not_allowed=Cannot delete the default branch.
branches.protected_deletion_not_allowed=Cannot delete a protected branch.
editor.new_file=Uusi tiedosto
editor.upload_file=Liitä tiedosto
@@ -1274,6 +1276,7 @@ config.email.test_mail_failed=Testisähköpostin lähettäminen vastaanottajalle
config.email.test_mail_sent=Testi sähköposti on lähetetty vastaanottajalle '%s'.
config.auth_config=Todennuksen asetukset
config.auth_custom_logout_url=Custom logout URL
config.auth.activate_code_lives=Aktiivinen koodi elämät ennen vanhenemista
config.auth.reset_password_code_lives=Nollaa salasana koodi elämät
config.auth.require_email_confirm=Vaadi sähköpostivahvistus

3
conf/locale/locale_fr-FR.ini
View File

@@ -494,6 +494,8 @@ branches.stale_branches=Branches stagnantes
branches.all=Toutes les Branches
branches.updated_by=Mise à jour %[1]s par %[2]s
branches.change_default_branch=Changer la Branche par Défaut
branches.default_deletion_not_allowed=Cannot delete the default branch.
branches.protected_deletion_not_allowed=Cannot delete a protected branch.
editor.new_file=Nouveau fichier
editor.upload_file=Téléverser un fichier
@@ -1274,6 +1276,7 @@ config.email.test_mail_failed=Impossible d'envoyer un e-mail de test à '%s' :
config.email.test_mail_sent=Un e-mail de test à été envoyé à '%s'.
config.auth_config=Configuration de l'authentification
config.auth_custom_logout_url=Custom logout URL
config.auth.activate_code_lives=Activer les vies sur les codes
config.auth.reset_password_code_lives=Vies sur les codes de réinitialisation des mots de passes
config.auth.require_email_confirm=Nécessite une confirmation par e-mail

3
conf/locale/locale_gl-ES.ini
View File

@@ -495,6 +495,8 @@ branches.stale_branches=Stale Branches
branches.all=All Branches
branches.updated_by=Updated %[1]s by %[2]s
branches.change_default_branch=Change Default Branch
branches.default_deletion_not_allowed=Cannot delete the default branch.
branches.protected_deletion_not_allowed=Cannot delete a protected branch.
editor.new_file=Novo arquivo
editor.upload_file=Subir arquivo
@@ -1275,6 +1277,7 @@ config.email.test_mail_failed=Failed to send test email to '%s': %v
config.email.test_mail_sent=Test email has been sent to '%s'.
config.auth_config=Authentication configuration
config.auth_custom_logout_url=Custom logout URL
config.auth.activate_code_lives=Activate code lives
config.auth.reset_password_code_lives=Reset password code lives
config.auth.require_email_confirm=Require email confirmation

3
conf/locale/locale_hu-HU.ini
View File

@@ -494,6 +494,8 @@ branches.stale_branches=Elavult ágak
branches.all=Minden ág
branches.updated_by=Frissítve ekkor: %[1]s %[2]s által
branches.change_default_branch=Alapértelmezett ág megváltoztatása
branches.default_deletion_not_allowed=Cannot delete the default branch.
branches.protected_deletion_not_allowed=Cannot delete a protected branch.
editor.new_file=Új fájl
editor.upload_file=Fájl feltöltése
@@ -1274,6 +1276,7 @@ config.email.test_mail_failed=Nem sikerült kiküldeni a teszt e-mailt '%s'-nek:
config.email.test_mail_sent=Teszt e-mail kiküldve '%s'-nek.
config.auth_config=Hitelesítési beállítások
config.auth_custom_logout_url=Custom logout URL
config.auth.activate_code_lives=Activate code lives
config.auth.reset_password_code_lives=Jelszó visszaállítási kód élettartama
config.auth.require_email_confirm=E-mail megerősítés szükségessé tétele

3
conf/locale/locale_id-ID.ini
View File

@@ -494,6 +494,8 @@ branches.stale_branches=Cabang Basi
branches.all=Semua Cabang
branches.updated_by=Diperbarui %[1]s oleh %[2]s
branches.change_default_branch=Ubah Cabang Default
branches.default_deletion_not_allowed=Cannot delete the default branch.
branches.protected_deletion_not_allowed=Cannot delete a protected branch.
editor.new_file=Berkas baru
editor.upload_file=Unggah Berkas
@@ -1274,6 +1276,7 @@ config.email.test_mail_failed=Gagal mengirim surel uji ke '%s': %v
config.email.test_mail_sent=Surel uji telah dikirim ke '%s'.
config.auth_config=Konfigurasi otentikasi
config.auth_custom_logout_url=Custom logout URL
config.auth.activate_code_lives=Activate code lives
config.auth.reset_password_code_lives=Reset password code lives
config.auth.require_email_confirm=Perlu konfirmasi surel

3
conf/locale/locale_it-IT.ini
View File

@@ -494,6 +494,8 @@ branches.stale_branches=Stale Branches
branches.all=Tutti i rami (branch)
branches.updated_by=Updated %[1]s by %[2]s
branches.change_default_branch=Cambia branch di default
branches.default_deletion_not_allowed=Cannot delete the default branch.
branches.protected_deletion_not_allowed=Cannot delete a protected branch.
editor.new_file=Nuovo file
editor.upload_file=Carica File
@@ -1274,6 +1276,7 @@ config.email.test_mail_failed=Failed to send test email to '%s': %v
config.email.test_mail_sent=Test email has been sent to '%s'.
config.auth_config=Authentication configuration
config.auth_custom_logout_url=Custom logout URL
config.auth.activate_code_lives=Activate code lives
config.auth.reset_password_code_lives=Reset password code lives
config.auth.require_email_confirm=Require email confirmation

3
conf/locale/locale_ja-JP.ini
View File

@@ -494,6 +494,8 @@ branches.stale_branches=古いブランチ
branches.all=すべてのブランチ
branches.updated_by=%[1]s が %[2]s によって更新されました
branches.change_default_branch=デフォルトブランチの変更
branches.default_deletion_not_allowed=Cannot delete the default branch.
branches.protected_deletion_not_allowed=Cannot delete a protected branch.
editor.new_file=新規ファイル
editor.upload_file=ファイルをアップロード
@@ -1274,6 +1276,7 @@ config.email.test_mail_failed=Failed to send test email to '%s': %v
config.email.test_mail_sent=Test email has been sent to '%s'.
config.auth_config=Authentication configuration
config.auth_custom_logout_url=Custom logout URL
config.auth.activate_code_lives=Activate code lives
config.auth.reset_password_code_lives=Reset password code lives
config.auth.require_email_confirm=Require email confirmation

3
conf/locale/locale_ko-KR.ini
View File

@@ -495,6 +495,8 @@ branches.stale_branches=오래된 브랜치
branches.all=모든 브랜치
branches.updated_by=%[2]s이 %[1]s를 업데이트
branches.change_default_branch=기본 브랜치 변경
branches.default_deletion_not_allowed=Cannot delete the default branch.
branches.protected_deletion_not_allowed=Cannot delete a protected branch.
editor.new_file=파일 생성
editor.upload_file=파일 업로드
@@ -1276,6 +1278,7 @@ config.email.test_mail_failed=Failed to send test email to '%s': %v
config.email.test_mail_sent='%s'로 테스트 이메일을 보냈습니다.
config.auth_config=Authentication configuration
config.auth_custom_logout_url=Custom logout URL
config.auth.activate_code_lives=Activate code lives
config.auth.reset_password_code_lives=Reset password code lives
config.auth.require_email_confirm=이메일 인증 필요

3
conf/locale/locale_lv-LV.ini
View File

@@ -494,6 +494,8 @@ branches.stale_branches=Pamests atzars
branches.all=Visi atzari
branches.updated_by=%[2]s atjaunoja %[1]s
branches.change_default_branch=Mainīt noklusēto atzaru
branches.default_deletion_not_allowed=Cannot delete the default branch.
branches.protected_deletion_not_allowed=Cannot delete a protected branch.
editor.new_file=Jauns fails
editor.upload_file=Augšupielādēt failu
@@ -1274,6 +1276,7 @@ config.email.test_mail_failed=Failed to send test email to '%s': %v
config.email.test_mail_sent=Test email has been sent to '%s'.
config.auth_config=Authentication configuration
config.auth_custom_logout_url=Custom logout URL
config.auth.activate_code_lives=Activate code lives
config.auth.reset_password_code_lives=Reset password code lives
config.auth.require_email_confirm=Require email confirmation

3
conf/locale/locale_mn-MN.ini
View File

@@ -494,6 +494,8 @@ branches.stale_branches=Хуучирсан салаанууд
branches.all=Бүх салаанууд
branches.updated_by=Шинэчлэгдсэн %[1]s by %[2]s
branches.change_default_branch=Анхны салаа өөрчлөх
branches.default_deletion_not_allowed=Cannot delete the default branch.
branches.protected_deletion_not_allowed=Cannot delete a protected branch.
editor.new_file=Шинэ файл
editor.upload_file=Файл хуулах
@@ -1274,6 +1276,7 @@ config.email.test_mail_failed=Туршилтын имэйлийг '%s': %v рү
config.email.test_mail_sent=Туршилтын имэйл '%s' рүү илгээгдлээ.
config.auth_config=Authentication тохиргоо
config.auth_custom_logout_url=Custom logout URL
config.auth.activate_code_lives=Кодын ашиглалтыг идэвхжүүлэх
config.auth.reset_password_code_lives=Нууц үгийн кодыг шинэчлэх
config.auth.require_email_confirm=Имэйлээр баталгаажуулахыг шаардана

3
conf/locale/locale_nl-NL.ini
View File

@@ -494,6 +494,8 @@ branches.stale_branches=Stale Branches
branches.all=All Branches
branches.updated_by=Updated %[1]s by %[2]s
branches.change_default_branch=Change Default Branch
branches.default_deletion_not_allowed=Cannot delete the default branch.
branches.protected_deletion_not_allowed=Cannot delete a protected branch.
editor.new_file=Nieuw bestand
editor.upload_file=Bestand uploaden
@@ -1274,6 +1276,7 @@ config.email.test_mail_failed=Failed to send test email to '%s': %v
config.email.test_mail_sent=Test email has been sent to '%s'.
config.auth_config=Authentication configuration
config.auth_custom_logout_url=Custom logout URL
config.auth.activate_code_lives=Activate code lives
config.auth.reset_password_code_lives=Reset password code lives
config.auth.require_email_confirm=Require email confirmation

3
conf/locale/locale_pl-PL.ini
View File

@@ -494,6 +494,8 @@ branches.stale_branches=Stare gałęzie
branches.all=Wszystkie gałęzie
branches.updated_by=Zaktualizowano %[1]s przez %[2]s
branches.change_default_branch=Zmiana domyślnej gałęzi
branches.default_deletion_not_allowed=Cannot delete the default branch.
branches.protected_deletion_not_allowed=Cannot delete a protected branch.
editor.new_file=Nowy plik
editor.upload_file=Załaduj plik
@@ -1274,6 +1276,7 @@ config.email.test_mail_failed=Nie udało się wysłać wiadomości testowej do '
config.email.test_mail_sent=Wiadomość testowa została wysłana do '%s'.
config.auth_config=Konfiguracja uwierzytelniania
config.auth_custom_logout_url=Custom logout URL
config.auth.activate_code_lives=Activate code lives
config.auth.reset_password_code_lives=Reset password code lives
config.auth.require_email_confirm=Wymagaj potwierdzenia adresu e-mail

3
conf/locale/locale_pt-BR.ini
View File

@@ -494,6 +494,8 @@ branches.stale_branches=Branches obsoletos
branches.all=Todos os branches
branches.updated_by=Atualizado %[1]s por %[2]s
branches.change_default_branch=Modificar branch padrão
branches.default_deletion_not_allowed=Cannot delete the default branch.
branches.protected_deletion_not_allowed=Cannot delete a protected branch.
editor.new_file=Novo arquivo
editor.upload_file=Enviar arquivo
@@ -1274,6 +1276,7 @@ config.email.test_mail_failed=Failed to send test email to '%s': %v
config.email.test_mail_sent=Test email has been sent to '%s'.
config.auth_config=Authentication configuration
config.auth_custom_logout_url=Custom logout URL
config.auth.activate_code_lives=Activate code lives
config.auth.reset_password_code_lives=Reset password code lives
config.auth.require_email_confirm=Require email confirmation

157
conf/locale/locale_pt-PT.ini
View File

@@ -446,7 +446,7 @@ migrate.clone_address_desc=Isto pode ser um URL de HTTP/HTTPS/GIT.
migrate.clone_address_desc_import_local=Você também pode migrar um repositório pelo caminho do servidor local.
migrate.permission_denied=Não está autorizado a importar repositórios locais.
migrate.invalid_local_path=Caminho local inválido, o caminho não existe ou não é um directório.
migrate.clone_address_resolved_to_blocked_local_address=Clone address resolved to a local network address that is implicitly blocked.
migrate.clone_address_resolved_to_blocked_local_address=Clonar endereço resolvido para um endereço de rede local implicitamente bloqueado.
migrate.failed=Migração falhada: %v
mirror_from=mirror de
@@ -494,6 +494,8 @@ branches.stale_branches=Ramificações Obsoletas
branches.all=Todas as Ramificações
branches.updated_by=Atualizado %[1]s por %[2]s
branches.change_default_branch=Mudar Ramificação Predefinida
branches.default_deletion_not_allowed=Cannot delete the default branch.
branches.protected_deletion_not_allowed=Cannot delete a protected branch.
editor.new_file=Novo Ficheiro
editor.upload_file=Enviar ficheiro
@@ -1202,119 +1204,120 @@ config.ssh.port=Porta exposta
config.ssh.root_path=Caminho para a raíz
config.ssh.keygen_path=Localização do gerador de chaves criptográficas
config.ssh.key_test_path=Localização do teste das chaves criptográficas
config.ssh.minimum_key_size_check=Minimum key size check
config.ssh.minimum_key_sizes=Minimum key sizes
config.ssh.minimum_key_size_check=Verificação de tamanho mínimo da chave
config.ssh.minimum_key_sizes=Tamanhos mínimos de chaves
config.ssh.rewrite_authorized_keys_at_start=Rewrite "authorized_keys" at start
config.ssh.start_builtin_server=Start builtin server
config.ssh.start_builtin_server=Iniciar servidor embutido
config.ssh.listen_host=Servidor
config.ssh.listen_port=Porta do servidor
config.ssh.server_ciphers=Cifras do servidor
config.ssh.server_macs=Server MACs
config.ssh.server_algorithms=Server algorithms
config.ssh.server_macs=MACs do servidor
config.ssh.server_algorithms=Algoritmos do servidor
config.repo_config=Configuração de repositório
config.repo.root_path=Localização base
config.repo.script_type=Tipo de script
config.repo.ansi_chatset=ANSI charset
config.repo.force_private=Force private
config.repo.max_creation_limit=Max creation limit
config.repo.preferred_licenses=Preferred licenses
config.repo.disable_http_git=Disable HTTP Git
config.repo.enable_local_path_migration=Enable local path migration
config.repo.enable_raw_file_render_mode=Enable raw file render mode
config.repo.force_private=Forçar privado
config.repo.max_creation_limit=Limite máximo de criação
config.repo.preferred_licenses=Licenças preferidas
config.repo.disable_http_git=Desativar Git HTTP
config.repo.enable_local_path_migration=Ativar a migração de caminho local
config.repo.enable_raw_file_render_mode=Ativar o modo de renderização do ficheiro bruto
config.repo.commits_fetch_concurrency=Commits fetch concurrency
config.repo.editor.line_wrap_extensions=Editor line wrap extensions
config.repo.editor.line_wrap_extensions=Extensões de quebra automática de linha do editor
config.repo.editor.previewable_file_modes=Editor previewable file modes
config.repo.upload.enabled=Upload enabled
config.repo.upload.temp_path=Upload temporary path
config.repo.upload.allowed_types=Upload allowed types
config.repo.upload.file_max_size=Upload file size limit
config.repo.upload.max_files=Upload files limit
config.repo.upload.enabled=Envio ativado
config.repo.upload.temp_path=Caminho temporário para envios
config.repo.upload.allowed_types=Tipos de envios permitidos
config.repo.upload.file_max_size=Tamanho limite de ficheiros enviados
config.repo.upload.max_files=Quantidade limite de ficheiros enviados
config.db_config=Configuração da base de dados
config.db.type=Type
config.db.host=Host
config.db.name=Name
config.db.schema=Schema
config.db.schema_helper=(for "postgres" only)
config.db.user=User
config.db.ssl_mode=SSL mode
config.db.ssl_mode_helper=(for "postgres" only)
config.db.path=Path
config.db.path_helper=(for "sqlite3"only)
config.db.max_open_conns=Maximum open connections
config.db.max_idle_conns=Maximum idle connections
config.db.type=Tipo
config.db.host=Anfitrião
config.db.name=Nome
config.db.schema=Esquema
config.db.schema_helper=(apenas para "postgres")
config.db.user=Utilizador
config.db.ssl_mode=Modo SSL
config.db.ssl_mode_helper=(apenas para "postgres")
config.db.path=Caminho
config.db.path_helper=(apenas para "sqlite3")
config.db.max_open_conns=Máximo de conexões abertas
config.db.max_idle_conns=Máximo de conexões ociosas
config.security_config=Security configuration
config.security.login_remember_days=Login remember days
config.security.cookie_remember_name=Remember cookie
config.security.cookie_username=Username cookie
config.security.cookie_secure=Enable secure cookie
config.security.reverse_proxy_auth_user=Reverse proxy authentication header
config.security_config=Configuração da segurança
config.security.login_remember_days=Dias lembrados de login
config.security.cookie_remember_name=Lembrar do cookie
config.security.cookie_username=Cookie do nome do utilizador
config.security.cookie_secure=Ativar cookie seguro
config.security.reverse_proxy_auth_user=Cabeçalho de autenticação de proxy reverso
config.security.enable_login_status_cookie=Enable login status cookie
config.security.login_status_cookie_name=Login status cookie
config.security.local_network_allowlist=Local network allowlist
config.email_config=Email configuration
config.email.enabled=Enabled
config.email.subject_prefix=Subject prefix
config.email.host=Host
config.email.from=From
config.email.user=User
config.email.disable_helo=Disable HELO
config.email.helo_hostname=HELO hostname
config.email_config=Configuração de E-mail
config.email.enabled=Ativado
config.email.subject_prefix=Prefixo do assunto
config.email.host=Anfitrião
config.email.from=De
config.email.user=Utilizador
config.email.disable_helo=Desativar HELO
config.email.helo_hostname=Nome de anfitrião HELO
config.email.skip_verify=Skip certificate verify
config.email.use_certificate=Use custom certificate
config.email.cert_file=Certificate file
config.email.key_file=Key file
config.email.use_plain_text=Use plain text
config.email.add_plain_text_alt=Add plain text alternative
config.email.send_test_mail=Send test email
config.email.test_mail_failed=Failed to send test email to '%s': %v
config.email.test_mail_sent=Test email has been sent to '%s'.
config.email.use_certificate=Usar certificado personalizado
config.email.cert_file=Ficheiro de certificado criptográfico
config.email.key_file=Ficheiro da chave criptográfica
config.email.use_plain_text=Usar texto simples
config.email.add_plain_text_alt=Adicionar alternativa de texto simples
config.email.send_test_mail=Enviar e-mail de teste
config.email.test_mail_failed=Falhou o envio do e-mail de teste para '%s': %v
config.email.test_mail_sent=O e-mail de teste foi enviado para '%s'.
config.auth_config=Authentication configuration
config.auth_config=Configuração da autenticação
config.auth_custom_logout_url=Custom logout URL
config.auth.activate_code_lives=Activate code lives
config.auth.reset_password_code_lives=Reset password code lives
config.auth.require_email_confirm=Require email confirmation
config.auth.require_sign_in_view=Require sign in view
config.auth.disable_registration=Disable registration
config.auth.enable_registration_captcha=Enable registration captcha
config.auth.enable_reverse_proxy_authentication=Enable reverse proxy authentication
config.auth.enable_reverse_proxy_auto_registration=Enable reverse proxy auto registration
config.auth.reverse_proxy_authentication_header=Reverse proxy authentication header
config.auth.require_email_confirm=Exigir confirmação por e-mail
config.auth.require_sign_in_view=Exigir login para ver
config.auth.disable_registration=Desativar registo
config.auth.enable_registration_captcha=Ativar captcha para registar
config.auth.enable_reverse_proxy_authentication=Ativar autenticação do proxy reverso
config.auth.enable_reverse_proxy_auto_registration=Ativar o registo automático do proxy reverso
config.auth.reverse_proxy_authentication_header=Cabeçalho de autenticação de proxy reverso
config.user_config=User configuration
config.user.enable_email_notify=Enable email notification
config.user_config=Configuração do utilizador
config.user.enable_email_notify=Ativar a notificação por e-mail
config.session_config=Configuração de sessão
config.session.provider=Provider
config.session.provider_config=Provider config
config.session.provider=Provedor
config.session.provider_config=Configuração do provedor
config.session.cookie_name=Cookie
config.session.https_only=HTTPS only
config.session.https_only=Somente HTTPS
config.session.gc_interval=GC interval
config.session.max_life_time=Max life time
config.session.csrf_cookie_name=CSRF cookie
config.cache_config=Configuração de cache
config.cache.adapter=Adapter
config.cache.interval=GC interval
config.cache.host=Host
config.cache.adapter=Adaptador
config.cache.interval=Intervalo de GC
config.cache.host=Anfitrião
config.http_config=Configuração HTTP
config.http.access_control_allow_origin=Access control allow origin
config.attachment_config=Attachment configuration
config.attachment.enabled=Enabled
config.attachment.path=Path
config.attachment.allowed_types=Allowed types
config.attachment.max_size=Size limit
config.attachment.max_files=Files limit
config.attachment_config=Configuração de anexos
config.attachment.enabled=Ativado
config.attachment.path=Caminho
config.attachment.allowed_types=Tipos permitidos
config.attachment.max_size=Limite de tamanho
config.attachment.max_files=Limite de ficheiros
config.release_config=Release configuration
config.release.attachment.enabled=Attachment enabled
config.release.attachment.allowed_types=Attachment allowed types
config.release.attachment.max_size=Attachment size limit
config.release.attachment.max_size=Tamanho máximo dos anexos
config.release.attachment.max_files=Attachment files limit
config.picture_config=Configuração de imagem
@@ -1325,10 +1328,10 @@ config.picture.disable_gravatar=Disable Gravatar
config.picture.enable_federated_avatar=Enable federated avatars
config.mirror_config=Mirror configuration
config.mirror.default_interval=Default interval
config.mirror.default_interval=Intervalo predefinido
config.webhook_config=Configuração de WebHook
config.webhook.types=Types
config.webhook.types=Tipos
config.webhook.deliver_timeout=Deliver timeout
config.webhook.skip_tls_verify=Skip TLS verify

3
conf/locale/locale_ro-RO.ini
View File

@@ -494,6 +494,8 @@ branches.stale_branches=Ramuri vechi
branches.all=Toate ramurile
branches.updated_by=Actualizat %[1]s prin %[2]s
branches.change_default_branch=Schimbarea ramurii implicite
branches.default_deletion_not_allowed=Cannot delete the default branch.
branches.protected_deletion_not_allowed=Cannot delete a protected branch.
editor.new_file=Fișier nou
editor.upload_file=Încărcați fișier
@@ -1274,6 +1276,7 @@ config.email.test_mail_failed=Nu a reușit să trimită un e-mail de test către
config.email.test_mail_sent=E-mailul de test a fost trimis la '%s'.
config.auth_config=Configurația de autentificare
config.auth_custom_logout_url=Custom logout URL
config.auth.activate_code_lives=Activați viețile de cod
config.auth.reset_password_code_lives=Resetează viețile codului parolei
config.auth.require_email_confirm=Solicită confirmarea prin e-mail

3
conf/locale/locale_ru-RU.ini
View File

@@ -494,6 +494,8 @@ branches.stale_branches=Устаревшие ветки
branches.all=Все ветки
branches.updated_by=Обновлено %[1]s пользователем %[2]s
branches.change_default_branch=Change Default Branch
branches.default_deletion_not_allowed=Cannot delete the default branch.
branches.protected_deletion_not_allowed=Cannot delete a protected branch.
editor.new_file=Новый файл
editor.upload_file=Загрузить файл
@@ -1274,6 +1276,7 @@ config.email.test_mail_failed=Не удалось отправить тесто
config.email.test_mail_sent=Тестовое письмо было отправлено на %s
config.auth_config=Конфигурация аутентификации
config.auth_custom_logout_url=Custom logout URL
config.auth.activate_code_lives=Activate code lives
config.auth.reset_password_code_lives=Срок действия кода сброса пароля
config.auth.require_email_confirm=Требовать подтверждение по электронной почте

3
conf/locale/locale_sk-SK.ini
View File

@@ -494,6 +494,8 @@ branches.stale_branches=Zastaralé vetvy
branches.all=Všetky vetvy
branches.updated_by=%[2]s zmenil %[1]s
branches.change_default_branch=Zmeniť základnú vetvu
branches.default_deletion_not_allowed=Cannot delete the default branch.
branches.protected_deletion_not_allowed=Cannot delete a protected branch.
editor.new_file=Nový súbor
editor.upload_file=Nahrať súbor
@@ -1274,6 +1276,7 @@ config.email.test_mail_failed=Failed to send test email to '%s': %v
config.email.test_mail_sent=Test email has been sent to '%s'.
config.auth_config=Authentication configuration
config.auth_custom_logout_url=Custom logout URL
config.auth.activate_code_lives=Activate code lives
config.auth.reset_password_code_lives=Reset password code lives
config.auth.require_email_confirm=Require email confirmation

3
conf/locale/locale_sr-SP.ini
View File

@@ -494,6 +494,8 @@ branches.stale_branches=Застареле гране
branches.all=Све гране
branches.updated_by=Ажуриран %[1]s од %[2]s
branches.change_default_branch=Промените подразумевану грану
branches.default_deletion_not_allowed=Cannot delete the default branch.
branches.protected_deletion_not_allowed=Cannot delete a protected branch.
editor.new_file=Нова датотека
editor.upload_file=Отпреми датотеку
@@ -1274,6 +1276,7 @@ config.email.test_mail_failed=Failed to send test email to '%s': %v
config.email.test_mail_sent=Test email has been sent to '%s'.
config.auth_config=Authentication configuration
config.auth_custom_logout_url=Custom logout URL
config.auth.activate_code_lives=Activate code lives
config.auth.reset_password_code_lives=Reset password code lives
config.auth.require_email_confirm=Require email confirmation

3
conf/locale/locale_sv-SE.ini
View File

@@ -494,6 +494,8 @@ branches.stale_branches=Djärva brancher
branches.all=Alla brancher
branches.updated_by=Uppdaterade %[1]s med %[2]s
branches.change_default_branch=Ändra standard branch
branches.default_deletion_not_allowed=Cannot delete the default branch.
branches.protected_deletion_not_allowed=Cannot delete a protected branch.
editor.new_file=Ny fil
editor.upload_file=Ladda upp fil
@@ -1274,6 +1276,7 @@ config.email.test_mail_failed=Failed to send test email to '%s': %v
config.email.test_mail_sent=Test email has been sent to '%s'.
config.auth_config=Authentication configuration
config.auth_custom_logout_url=Custom logout URL
config.auth.activate_code_lives=Activate code lives
config.auth.reset_password_code_lives=Reset password code lives
config.auth.require_email_confirm=Require email confirmation

3
conf/locale/locale_tr-TR.ini
View File

@@ -494,6 +494,8 @@ branches.stale_branches=Eskimiş Bölümler
branches.all=Bütün Bölümler
branches.updated_by=%[2]s tarafından %[1]s güncellendi
branches.change_default_branch=Varsayılan Bölümü Değiştir
branches.default_deletion_not_allowed=Cannot delete the default branch.
branches.protected_deletion_not_allowed=Cannot delete a protected branch.
editor.new_file=Yeni dosya
editor.upload_file=Dosyayı yükle
@@ -1274,6 +1276,7 @@ config.email.test_mail_failed=Failed to send test email to '%s': %v
config.email.test_mail_sent=Test email has been sent to '%s'.
config.auth_config=Authentication configuration
config.auth_custom_logout_url=Custom logout URL
config.auth.activate_code_lives=Activate code lives
config.auth.reset_password_code_lives=Reset password code lives
config.auth.require_email_confirm=Require email confirmation

3
conf/locale/locale_uk-UA.ini
View File

@@ -494,6 +494,8 @@ branches.stale_branches=Застарілі гілки
branches.all=Усі гілки
branches.updated_by=Оновлено %[1]s з %[2]s
branches.change_default_branch=Гілку за замовчуванням змінено
branches.default_deletion_not_allowed=Cannot delete the default branch.
branches.protected_deletion_not_allowed=Cannot delete a protected branch.
editor.new_file=Новий файл
editor.upload_file=Завантажити файл
@@ -1274,6 +1276,7 @@ config.email.test_mail_failed=Помилка відправлення пробн
config.email.test_mail_sent=Пробного листа було відправлено до '%s'.
config.auth_config=Налаштування аутентифікації
config.auth_custom_logout_url=Custom logout URL
config.auth.activate_code_lives=Активувати код підтвердження
config.auth.reset_password_code_lives=Термін придатності кода при скиданні пароля
config.auth.require_email_confirm=Вимагає підтвердження електронною поштою

3
conf/locale/locale_vi-VN.ini
View File

@@ -494,6 +494,8 @@ branches.stale_branches=Các nhánh cũ
branches.all=Tất cả các nhánh
branches.updated_by=Updated %[1]s by %[2]s
branches.change_default_branch=Thay đổi nhánh mặc định
branches.default_deletion_not_allowed=Cannot delete the default branch.
branches.protected_deletion_not_allowed=Cannot delete a protected branch.
editor.new_file=Tập tin mới
editor.upload_file=Tải tập tin lên
@@ -1274,6 +1276,7 @@ config.email.test_mail_failed=Gửi email kiểm tra đến '%s':%v thất bại
config.email.test_mail_sent=Email kiểm tra đã được gửi đến '%s'.
config.auth_config=Cấu hình xác thực
config.auth_custom_logout_url=Custom logout URL
config.auth.activate_code_lives=Activate code lives
config.auth.reset_password_code_lives=Reset password code lives
config.auth.require_email_confirm=Yêu cầu xác nhận email

3
conf/locale/locale_zh-CN.ini
View File

@@ -494,6 +494,8 @@ branches.stale_branches=陈旧分支
branches.all=所有分支
branches.updated_by=由 %[2]s 更新于 %[1]s
branches.change_default_branch=更改默认分支
branches.default_deletion_not_allowed=Cannot delete the default branch.
branches.protected_deletion_not_allowed=Cannot delete a protected branch.
editor.new_file=新的文件
editor.upload_file=上传文件
@@ -1275,6 +1277,7 @@ config.email.test_mail_failed=发送测试邮件至 '%s' 时失败:%v
config.email.test_mail_sent=测试邮件已经发送至 '%s'。
config.auth_config=认证配置
config.auth_custom_logout_url=Custom logout URL
config.auth.activate_code_lives=激活用户链接有效期
config.auth.reset_password_code_lives=重置密码链接有效期
config.auth.require_email_confirm=注册邮件确认

3
conf/locale/locale_zh-HK.ini
View File

@@ -494,6 +494,8 @@ branches.stale_branches=Stale Branches
branches.all=All Branches
branches.updated_by=Updated %[1]s by %[2]s
branches.change_default_branch=Change Default Branch
branches.default_deletion_not_allowed=Cannot delete the default branch.
branches.protected_deletion_not_allowed=Cannot delete a protected branch.
editor.new_file=New file
editor.upload_file=Upload file
@@ -1274,6 +1276,7 @@ config.email.test_mail_failed=Failed to send test email to '%s': %v
config.email.test_mail_sent=Test email has been sent to '%s'.
config.auth_config=Authentication configuration
config.auth_custom_logout_url=Custom logout URL
config.auth.activate_code_lives=Activate code lives
config.auth.reset_password_code_lives=Reset password code lives
config.auth.require_email_confirm=Require email confirmation

3
conf/locale/locale_zh-TW.ini
View File

@@ -494,6 +494,8 @@ branches.stale_branches=陳舊分支
branches.all=所有分支
branches.updated_by=%[2]s 更新了 %[1]s
branches.change_default_branch=變更預設分支
branches.default_deletion_not_allowed=Cannot delete the default branch.
branches.protected_deletion_not_allowed=Cannot delete a protected branch.
editor.new_file=開新檔案
editor.upload_file=上傳檔案
@@ -1274,6 +1276,7 @@ config.email.test_mail_failed=發送測試郵件至 '%s' 時失敗:%v
config.email.test_mail_sent=測試電子郵件已發送到 '%s'。
config.auth_config=Authentication configuration
config.auth_custom_logout_url=Custom logout URL
config.auth.activate_code_lives=Activate code lives
config.auth.reset_password_code_lives=Reset password code lives
config.auth.require_email_confirm=Require email confirmation

2
docker-next/README.md
View File

@@ -1,7 +1,7 @@
# Docker for Gogs (Next Generation)
> [!NOTE]
> This is the next-generation, security-focused Docker image. This will become the default image distribution (`gogs/gogs:latest`) starting 0.15.0.
> This is the next-generation, security-focused Docker image. This will become the default image distribution (`gogs/gogs:latest`) starting 0.16.0.
![Docker pulls](https://img.shields.io/docker/pulls/gogs/gogs?logo=docker&style=for-the-badge)

7
docker/README.md
View File

@@ -1,10 +1,15 @@
# Docker for Gogs
> [!WARNING]
> This is now the legacy Docker image that lacks modern security best practices. It will be published as `gogs/gogs:legacy-latest` starting 0.15.0, and be completely removed starting 0.16.0.
> This is now the legacy Docker image that lacks modern security best practices. It will be published as `gogs/gogs:legacy-latest` starting 0.16.0, and be completely removed no earlier than 0.17.0.
>
> To use the next-generation, security-focused Docker image, see [docker-next/README.md](../docker-next/README.md).
> [!IMPORTANT]
> Image versions:
> - Every released version has its own tag , e.g., `gogs/gogs:0.13.4`, and a tag points to the latest patch of the minor version, e.g., `gogs/gogs:0.13`.
> - The `latest` tag is the image version built from the latest `main` branch.
![Docker pulls](https://img.shields.io/docker/pulls/gogs/gogs?logo=docker&style=for-the-badge)
Visit [Docker Hub](https://hub.docker.com/u/gogs) or [GitHub Container registry](https://github.com/gogs/gogs/pkgs/container/gogs) to see all available images and tags.

60
docs/dev/database_schema.md
View File

@@ -1,12 +1,12 @@
# Table "access"
```
FIELD | COLUMN | POSTGRESQL | MYSQL | SQLITE3
---------+---------+-----------------+-----------------------+-------------------
ID | id | BIGSERIAL | BIGINT AUTO_INCREMENT | INTEGER
UserID | user_id | BIGINT NOT NULL | BIGINT NOT NULL | INTEGER NOT NULL
RepoID | repo_id | BIGINT NOT NULL | BIGINT NOT NULL | INTEGER NOT NULL
Mode | mode | BIGINT NOT NULL | BIGINT NOT NULL | INTEGER NOT NULL
FIELD | COLUMN | POSTGRESQL | MYSQL | SQLITE3
---------+---------+-----------------+-----------------------+------------------------
ID | id | BIGSERIAL | BIGINT AUTO_INCREMENT | INTEGER AUTOINCREMENT
UserID | user_id | BIGINT NOT NULL | BIGINT NOT NULL | INTEGER NOT NULL
RepoID | repo_id | BIGINT NOT NULL | BIGINT NOT NULL | INTEGER NOT NULL
Mode | mode | BIGINT NOT NULL | BIGINT NOT NULL | INTEGER NOT NULL
Primary keys: id
Indexes:
@@ -18,7 +18,7 @@ Indexes:
```
FIELD | COLUMN | POSTGRESQL | MYSQL | SQLITE3
--------------+--------------+-----------------------------+-----------------------------+------------------------------
ID | id | BIGSERIAL | BIGINT AUTO_INCREMENT | INTEGER
ID | id | BIGSERIAL | BIGINT AUTO_INCREMENT | INTEGER AUTOINCREMENT
UserID | uid | BIGINT | BIGINT | INTEGER
Name | name | TEXT | LONGTEXT | TEXT
Sha1 | sha1 | VARCHAR(40) UNIQUE | VARCHAR(40) UNIQUE | VARCHAR(40) UNIQUE
@@ -36,7 +36,7 @@ Indexes:
```
FIELD | COLUMN | POSTGRESQL | MYSQL | SQLITE3
---------------+----------------+--------------------------------+--------------------------------+---------------------------------
ID | id | BIGSERIAL | BIGINT AUTO_INCREMENT | INTEGER
ID | id | BIGSERIAL | BIGINT AUTO_INCREMENT | INTEGER AUTOINCREMENT
UserID | user_id | BIGINT | BIGINT | INTEGER
OpType | op_type | BIGINT | BIGINT | INTEGER
ActUserID | act_user_id | BIGINT | BIGINT | INTEGER
@@ -60,7 +60,7 @@ Indexes:
```
FIELD | COLUMN | POSTGRESQL | MYSQL | SQLITE3
--------------+--------------+--------------------------------+--------------------------------+---------------------------------
ID | id | BIGSERIAL | BIGINT AUTO_INCREMENT | INTEGER
ID | id | BIGSERIAL | BIGINT AUTO_INCREMENT | INTEGER AUTOINCREMENT
UserID | uid | BIGINT NOT NULL | BIGINT NOT NULL | INTEGER NOT NULL
Email | email | VARCHAR(254) NOT NULL | VARCHAR(254) NOT NULL | TEXT NOT NULL
IsActivated | is_activated | BOOLEAN NOT NULL DEFAULT FALSE | BOOLEAN NOT NULL DEFAULT FALSE | NUMERIC NOT NULL DEFAULT FALSE
@@ -74,11 +74,11 @@ Indexes:
# Table "follow"
```
FIELD | COLUMN | POSTGRESQL | MYSQL | SQLITE3
-----------+-----------+-----------------+-----------------------+-------------------
ID | id | BIGSERIAL | BIGINT AUTO_INCREMENT | INTEGER
UserID | user_id | BIGINT NOT NULL | BIGINT NOT NULL | INTEGER NOT NULL
FollowID | follow_id | BIGINT NOT NULL | BIGINT NOT NULL | INTEGER NOT NULL
FIELD | COLUMN | POSTGRESQL | MYSQL | SQLITE3
-----------+-----------+-----------------+-----------------------+------------------------
ID | id | BIGSERIAL | BIGINT AUTO_INCREMENT | INTEGER AUTOINCREMENT
UserID | user_id | BIGINT NOT NULL | BIGINT NOT NULL | INTEGER NOT NULL
FollowID | follow_id | BIGINT NOT NULL | BIGINT NOT NULL | INTEGER NOT NULL
Primary keys: id
Indexes:
@@ -102,16 +102,16 @@ Primary keys: repo_id, oid
# Table "login_source"
```
FIELD | COLUMN | POSTGRESQL | MYSQL | SQLITE3
--------------+--------------+------------------+-----------------------+-------------------
ID | id | BIGSERIAL | BIGINT AUTO_INCREMENT | INTEGER
Type | type | BIGINT | BIGINT | INTEGER
Name | name | TEXT UNIQUE | VARCHAR(191) UNIQUE | TEXT UNIQUE
IsActived | is_actived | BOOLEAN NOT NULL | BOOLEAN NOT NULL | NUMERIC NOT NULL
IsDefault | is_default | BOOLEAN | BOOLEAN | NUMERIC
Config | cfg | TEXT | TEXT | TEXT
CreatedUnix | created_unix | BIGINT | BIGINT | INTEGER
UpdatedUnix | updated_unix | BIGINT | BIGINT | INTEGER
FIELD | COLUMN | POSTGRESQL | MYSQL | SQLITE3
--------------+--------------+------------------+-----------------------+------------------------
ID | id | BIGSERIAL | BIGINT AUTO_INCREMENT | INTEGER AUTOINCREMENT
Type | type | BIGINT | BIGINT | INTEGER
Name | name | TEXT UNIQUE | VARCHAR(191) UNIQUE | TEXT UNIQUE
IsActived | is_actived | BOOLEAN NOT NULL | BOOLEAN NOT NULL | NUMERIC NOT NULL
IsDefault | is_default | BOOLEAN | BOOLEAN | NUMERIC
Config | cfg | TEXT | TEXT | TEXT
CreatedUnix | created_unix | BIGINT | BIGINT | INTEGER
UpdatedUnix | updated_unix | BIGINT | BIGINT | INTEGER
Primary keys: id
```
@@ -119,12 +119,12 @@ Primary keys: id
# Table "notice"
```
FIELD | COLUMN | POSTGRESQL | MYSQL | SQLITE3
--------------+--------------+------------+-----------------------+----------
ID | id | BIGSERIAL | BIGINT AUTO_INCREMENT | INTEGER
Type | type | BIGINT | BIGINT | INTEGER
Description | description | TEXT | TEXT | TEXT
CreatedUnix | created_unix | BIGINT | BIGINT | INTEGER
FIELD | COLUMN | POSTGRESQL | MYSQL | SQLITE3
--------------+--------------+------------+-----------------------+------------------------
ID | id | BIGSERIAL | BIGINT AUTO_INCREMENT | INTEGER AUTOINCREMENT
Type | type | BIGINT | BIGINT | INTEGER
Description | description | TEXT | TEXT | TEXT
CreatedUnix | created_unix | BIGINT | BIGINT | INTEGER
Primary keys: id
```

11
go.mod
View File

@@ -7,6 +7,8 @@ require (
github.com/cockroachdb/errors v1.12.0
github.com/derision-test/go-mockgen/v2 v2.1.1
github.com/editorconfig/editorconfig-core-go/v2 v2.6.3
github.com/glebarez/go-sqlite v1.21.2
github.com/glebarez/sqlite v1.11.0
github.com/go-ldap/ldap/v3 v3.4.11
github.com/go-macaron/binding v1.2.0
github.com/go-macaron/cache v0.0.0-20190810181446-10f7c57e2196
@@ -18,7 +20,7 @@ require (
github.com/go-macaron/toolbox v0.0.0-20190813233741-94defb8383c6
github.com/gogs/chardet v0.0.0-20150115103509-2404f7772561
github.com/gogs/cron v0.0.0-20171120032916-9f6c956d3e14
github.com/gogs/git-module v1.8.4
github.com/gogs/git-module v1.8.6
github.com/gogs/go-gogs-client v0.0.0-20200128182646-c69cb7680fd4
github.com/gogs/go-libravatar v0.0.0-20191106065024-33a75213d0a0
github.com/gogs/minwinsvc v0.0.0-20170301035411-95be6356811a
@@ -49,13 +51,11 @@ require (
gopkg.in/DATA-DOG/go-sqlmock.v2 v2.0.0-20180914054222-c19298f520d0
gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df
gopkg.in/ini.v1 v1.67.0
gopkg.in/macaron.v1 v1.5.0
gopkg.in/macaron.v1 v1.5.1
gorm.io/driver/mysql v1.5.2
gorm.io/driver/postgres v1.6.0
gorm.io/driver/sqlite v1.4.2
gorm.io/driver/sqlserver v1.4.1
gorm.io/gorm v1.25.12
modernc.org/sqlite v1.38.2
unknwon.dev/clog/v2 v2.2.0
xorm.io/builder v0.3.6
xorm.io/core v0.7.2
@@ -131,7 +131,7 @@ require (
go.opentelemetry.io/otel/trace v1.11.0 // indirect
golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b // indirect
golang.org/x/mod v0.29.0 // indirect
golang.org/x/sync v0.18.0 // indirect
golang.org/x/sync v0.19.0 // indirect
golang.org/x/sys v0.38.0 // indirect
google.golang.org/protobuf v1.36.6 // indirect
gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
@@ -141,6 +141,7 @@ require (
modernc.org/libc v1.66.3 // indirect
modernc.org/mathutil v1.7.1 // indirect
modernc.org/memory v1.11.0 // indirect
modernc.org/sqlite v1.39.0 // indirect
)
// +heroku goVersion go1.25

34
go.sum
View File

@@ -92,6 +92,10 @@ github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWo
github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
github.com/getsentry/sentry-go v0.27.0 h1:Pv98CIbtB3LkMWmXi4Joa5OOcwbmnX88sF5qbK3r3Ps=
github.com/getsentry/sentry-go v0.27.0/go.mod h1:lc76E2QywIyW8WuBnwl8Lc4bkmQH4+w1gwTf25trprY=
github.com/glebarez/go-sqlite v1.21.2 h1:3a6LFC4sKahUunAmynQKLZceZCOzUthkRkEAl9gAXWo=
github.com/glebarez/go-sqlite v1.21.2/go.mod h1:sfxdZyhQjTM2Wry3gVYWaW072Ri1WMdWJi0k6+3382k=
github.com/glebarez/sqlite v1.11.0 h1:wSG0irqzP6VurnMEpFGer5Li19RpIRi2qvQz++w0GMw=
github.com/glebarez/sqlite v1.11.0/go.mod h1:h8/o8j5wiAsqSPoWELDUdJXhjAhsVliSn7bWZjOhrgQ=
github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 h1:BP4M0CvQ4S3TGls2FvczZtj5Re/2ZzkV9VwqPHH/3Bo=
github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA=
@@ -142,8 +146,8 @@ github.com/gogs/chardet v0.0.0-20150115103509-2404f7772561 h1:aBzukfDxQlCTVS0NBU
github.com/gogs/chardet v0.0.0-20150115103509-2404f7772561/go.mod h1:Pcatq5tYkCW2Q6yrR2VRHlbHpZ/R4/7qyL1TCF7vl14=
github.com/gogs/cron v0.0.0-20171120032916-9f6c956d3e14 h1:yXtpJr/LV6PFu4nTLgfjQdcMdzjbqqXMEnHfq0Or6p8=
github.com/gogs/cron v0.0.0-20171120032916-9f6c956d3e14/go.mod h1:jPoNZLWDAqA5N3G5amEoiNbhVrmM+ZQEcnQvNQ2KaZk=
github.com/gogs/git-module v1.8.4 h1:oSt8sOL4NWOGrSo/CwbS+C4YXtk76QvxyPofem/ViTU=
github.com/gogs/git-module v1.8.4/go.mod h1:bQY0aoMK5Q5+NKgy4jXe3K1GFW+GnsSk0SJK0jh6yD0=
github.com/gogs/git-module v1.8.6 h1:4Io9vWZYQyIjdIPxfKgeYZXnDKNgydc6OZTxII5xCH4=
github.com/gogs/git-module v1.8.6/go.mod h1:IiMSJqi8XH62Kjqjt5Rw8IawSo+DHfM2dDjkSzWLjhs=
github.com/gogs/go-gogs-client v0.0.0-20200128182646-c69cb7680fd4 h1:C7NryI/RQhsIWwC2bHN601P1wJKeuQ6U/UCOYTn3Cic=
github.com/gogs/go-gogs-client v0.0.0-20200128182646-c69cb7680fd4/go.mod h1:fR6z1Ie6rtF7kl/vBYMfgD5/G5B1blui7z426/sj2DU=
github.com/gogs/go-libravatar v0.0.0-20191106065024-33a75213d0a0 h1:K02vod+sn3M1OOkdqi2tPxN2+xESK4qyITVQ3JkGEv4=
@@ -201,8 +205,9 @@ github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+
github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
github.com/gopherjs/gopherjs v0.0.0-20181103185306-d547d1d9531e/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
github.com/gopherjs/gopherjs v0.0.0-20190430165422-3e4dfb77656c h1:7lF+Vz0LqiRidnzC1Oq86fpX1q/iEv2KJdrCtttYjT4=
github.com/gopherjs/gopherjs v0.0.0-20190430165422-3e4dfb77656c/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
github.com/gopherjs/gopherjs v1.17.2 h1:fQnZVsXk8uxXIStYb0N4bGk7jeyTalG/wsZjQ25dO0g=
github.com/gopherjs/gopherjs v1.17.2/go.mod h1:pRRIvn/QzFLrKfvEz3qUuEhtE/zLCWfreZ6J5gM2i+k=
github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
github.com/gorilla/css v1.0.1 h1:ntNaBIghp6JmvWnxbZKANoLyuXTPZ4cAMlo6RyhlbO8=
github.com/gorilla/css v1.0.1/go.mod h1:BvnYkspnSzMmwRK+b8/xgNPLiIuNZr6vbZBTPQ2A3b0=
@@ -297,11 +302,9 @@ github.com/mattn/go-runewidth v0.0.14 h1:+xnbZSEeDbOIg5/mE6JF0w6n9duR1l3/WmbinWV
github.com/mattn/go-runewidth v0.0.14/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
github.com/mattn/go-sqlite3 v1.10.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
github.com/mattn/go-sqlite3 v1.11.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
github.com/mattn/go-sqlite3 v1.14.15/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
github.com/mattn/go-sqlite3 v1.14.24 h1:tpSp2G2KyMnnQu99ngJ47EIkWVmliIizyZBfPrBWDRM=
github.com/mattn/go-sqlite3 v1.14.24/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
github.com/mcuadros/go-version v0.0.0-20190308113854-92cdf37c5b75/go.mod h1:76rfSfYPWj01Z85hUf/ituArm797mNKcvINh1OlsZKo=
github.com/mcuadros/go-version v0.0.0-20190830083331-035f6764e8d2 h1:YocNLcTBdEdvY3iDK6jfWXvEaM5OCKkjxPKoJRdB3Gg=
github.com/mcuadros/go-version v0.0.0-20190830083331-035f6764e8d2/go.mod h1:76rfSfYPWj01Z85hUf/ituArm797mNKcvINh1OlsZKo=
github.com/microcosm-cc/bluemonday v1.0.27 h1:MpEUotklkwCSLeH+Qdx1VJgNqLlpY2KXwXFM08ygZfk=
@@ -405,14 +408,16 @@ github.com/siddontang/go-snappy v0.0.0-20140704025258-d8f7bb82a96d/go.mod h1:vq0
github.com/siddontang/ledisdb v0.0.0-20190202134119-8ceb77e66a92/go.mod h1:mF1DpOSOUiJRMR+FDqaqu3EBqrybQtrDDszLUZ6oxPg=
github.com/siddontang/rdb v0.0.0-20150307021120-fc89ed2e418d/go.mod h1:AMEsy7v5z92TR1JKMkLLoaOQk++LVnOKL3ScbJ8GNGA=
github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
github.com/smarty/assertions v1.15.0 h1:cR//PqUBUiQRakZWqBiFFQ9wb8emQGDb0HeGdqGByCY=
github.com/smarty/assertions v1.15.0/go.mod h1:yABtdzeQs6l1brC900WlRNwj6ZR55d7B+E8C6HtKdec=
github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
github.com/smartystreets/assertions v0.0.0-20190116191733-b6c0e53d7304/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
github.com/smartystreets/assertions v1.0.1 h1:voD4ITNjPL5jjBfgR/r8fPIIBrliWrWHeiJApdr3r4w=
github.com/smartystreets/assertions v1.0.1/go.mod h1:kHHU4qYBaI3q23Pp3VPrmWhuIUrLW/7eUrw0BU5VaoM=
github.com/smartystreets/goconvey v0.0.0-20181108003508-044398e4856c/go.mod h1:XDJAKZRPZ1CvBcN2aX5YOUTYGHki24fSF0Iv48Ibg0s=
github.com/smartystreets/goconvey v0.0.0-20190731233626-505e41936337/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
github.com/smartystreets/goconvey v1.6.4 h1:fv0U8FUIMPNf1L9lnHLvLhgicrIVChEkdzIKYqbNC9s=
github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
github.com/smartystreets/goconvey v1.8.1 h1:qGjIddxOk4grTu9JPOU31tVfq3cNdBlNa5sSznIX1xY=
github.com/smartystreets/goconvey v1.8.1/go.mod h1:+/u4qLyY6x1jReYOp7GOM2FSt8aP9CzCZL03bI28W60=
github.com/sourcegraph/run v0.12.0 h1:3A8w5e8HIYPfafHekvmdmmh42RHKGVhmiTZAPJclg7I=
github.com/sourcegraph/run v0.12.0/go.mod h1:PwaP936BTnAJC1cqR5rSbG5kOs/EWStTK3lqvMX5GUA=
github.com/ssor/bom v0.0.0-20170718123548-6386211fdfcf h1:pvbZ0lM0XWPBqUKqFU8cmavspvIl9nulOYwdy6IFRRo=
@@ -515,9 +520,8 @@ golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJ
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.9.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
golang.org/x/sync v0.18.0 h1:kr88TuHDroi+UVf+0hZnirlk8o8T+4MrK6mr60WkH/I=
golang.org/x/sync v0.18.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=
golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -626,8 +630,8 @@ gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
gopkg.in/macaron.v1 v1.3.4/go.mod h1:/RoHTdC8ALpyJ3+QR36mKjwnT1F1dyYtsGM9Ate6ZFI=
gopkg.in/macaron.v1 v1.3.5/go.mod h1:uMZCFccv9yr5TipIalVOyAyZQuOH3OkmXvgcWwhJuP4=
gopkg.in/macaron.v1 v1.4.0/go.mod h1:uMZCFccv9yr5TipIalVOyAyZQuOH3OkmXvgcWwhJuP4=
gopkg.in/macaron.v1 v1.5.0 h1:/dXJaeQagWLjVjCrKH8dgSSU7yG4qTv6rBKpqhYaCyc=
gopkg.in/macaron.v1 v1.5.0/go.mod h1:sAYUd2r8Q+jLnCN4/ZmdAYHzQn67agV5sAqKFQgrRrw=
gopkg.in/macaron.v1 v1.5.1 h1:0ytdXYcf6//a8bzedl1fVXzPeIXblEqoNPntWAo9YLU=
gopkg.in/macaron.v1 v1.5.1/go.mod h1:AiquOw8YeZJC8sUe11vIO6NeA1/TKSlzQXuJ7Tc4cCQ=
gopkg.in/redis.v2 v2.3.2 h1:GPVIIB/JnL1wvfULefy3qXmPu1nfNu2d0yA09FHgwfs=
gopkg.in/redis.v2 v2.3.2/go.mod h1:4wl9PJ/CqzeHk3LVq1hNLHH8krm3+AXEgut4jVc++LU=
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
@@ -648,8 +652,6 @@ gorm.io/driver/mysql v1.5.2 h1:QC2HRskSE75wBuOxe0+iCkyJZ+RqpudsQtqkp+IMuXs=
gorm.io/driver/mysql v1.5.2/go.mod h1:pQLhh1Ut/WUAySdTHwBpBv6+JKcj+ua4ZFx1QQTBzb8=
gorm.io/driver/postgres v1.6.0 h1:2dxzU8xJ+ivvqTRph34QX+WrRaJlmfyPqXmoGVjMBa4=
gorm.io/driver/postgres v1.6.0/go.mod h1:vUw0mrGgrTK+uPHEhAdV4sfFELrByKVGnaVRkXDhtWo=
gorm.io/driver/sqlite v1.4.2 h1:F6vYJcmR4Cnh0ErLyoY8JSfabBGyR0epIGuhgHJuNws=
gorm.io/driver/sqlite v1.4.2/go.mod h1:0Aq3iPO+v9ZKbcdiz8gLWRw5VOPcBOPUQJFLq5e2ecI=
gorm.io/driver/sqlserver v1.4.1 h1:t4r4r6Jam5E6ejqP7N82qAJIJAht27EGT41HyPfXRw0=
gorm.io/driver/sqlserver v1.4.1/go.mod h1:DJ4P+MeZbc5rvY58PnmN1Lnyvb5gw5NPzGshHDnJLig=
gorm.io/gorm v1.24.0/go.mod h1:DVrVomtaYTbqs7gB/x2uVvqnXzv0nqjB396B8cG4dBA=
@@ -679,8 +681,8 @@ modernc.org/opt v0.1.4 h1:2kNGMRiUjrp4LcaPuLY2PzUfqM/w9N23quVwhKt5Qm8=
modernc.org/opt v0.1.4/go.mod h1:03fq9lsNfvkYSfxrfUhZCWPk1lm4cq4N+Bh//bEtgns=
modernc.org/sortutil v1.2.1 h1:+xyoGf15mM3NMlPDnFqrteY07klSFxLElE2PVuWIJ7w=
modernc.org/sortutil v1.2.1/go.mod h1:7ZI3a3REbai7gzCLcotuw9AC4VZVpYMjDzETGsSMqJE=
modernc.org/sqlite v1.38.2 h1:Aclu7+tgjgcQVShZqim41Bbw9Cho0y/7WzYptXqkEek=
modernc.org/sqlite v1.38.2/go.mod h1:cPTJYSlgg3Sfg046yBShXENNtPrWrDX8bsbAQBzgQ5E=
modernc.org/sqlite v1.39.0 h1:6bwu9Ooim0yVYA7IZn9demiQk/Ejp0BtTjBWFLymSeY=
modernc.org/sqlite v1.39.0/go.mod h1:cPTJYSlgg3Sfg046yBShXENNtPrWrDX8bsbAQBzgQ5E=
modernc.org/strutil v1.2.1 h1:UneZBkQA+DX2Rp35KcM69cSsNES9ly8mQWD71HKlOA0=
modernc.org/strutil v1.2.1/go.mod h1:EHkiggD70koQxjVdSBM3JKM7k6L0FbGE5eymy9i3B9A=
modernc.org/token v1.1.0 h1:Xl7Ap9dKaEs5kLoOQeQmPWevfnk/DM5qcLcYlA8ys6Y=

2
gogs.go
View File

@@ -14,7 +14,7 @@ import (
)
func init() {
conf.App.Version = "0.14.0+dev"
conf.App.Version = "0.14.1"
}
func main() {

9
internal/cmd/web.go
View File

@@ -329,9 +329,12 @@ func runWeb(c *cli.Context) error {
return
}
})
}, ignSignIn)
m.Group("", func() {
m.Post("/issues/attachments", repo.UploadIssueAttachment)
m.Post("/releases/attachments", repo.UploadReleaseAttachment)
}, ignSignIn)
}, reqSignIn)
m.Group("/:username", func() {
m.Post("/action/:action", user.Action)
@@ -476,7 +479,7 @@ func runWeb(c *cli.Context) error {
m.Get("/milestones", repo.Milestones)
}, ignSignIn, context.RepoAssignment(true))
m.Group("/:username/:reponame", func() {
// FIXME: should use different URLs but mostly same logic for comments of issue and pull reuqest.
// FIXME: should use different URLs but mostly same logic for comments of issue and pull request.
// So they can apply their own enable/disable logic on routers.
m.Group("/issues", func() {
m.Combo("/new", repo.MustEnableIssues).Get(context.RepoRef(), repo.NewIssue).
@@ -501,7 +504,7 @@ func runWeb(c *cli.Context) error {
}, ignSignIn, context.RepoAssignment(false, true))
m.Group("/:username/:reponame", func() {
// FIXME: should use different URLs but mostly same logic for comments of issue and pull reuqest.
// FIXME: should use different URLs but mostly same logic for comments of issue and pull request.
// So they can apply their own enable/disable logic on routers.
m.Group("/issues", func() {
m.Group("/:index", func() {

11
internal/conf/conf.go
View File

@@ -70,7 +70,7 @@ func Init(customConf string) error {
if err = File.Append(customConf); err != nil {
return errors.Wrapf(err, "append %q", customConf)
}
} else {
} else if !HookMode {
log.Warn("Custom config %q not found. Ignore this warning if you're running for the first time", customConf)
}
@@ -142,9 +142,11 @@ func Init(customConf string) error {
}
if IsWindowsRuntime() || semverutil.Compare(sshVersion, "<", "5.1") {
log.Warn(`SSH minimum key size check is forced to be disabled because server is not eligible:
if !HookMode {
log.Warn(`SSH minimum key size check is forced to be disabled because server is not eligible:
1. Windows server
2. OpenSSH version is lower than 5.1`)
}
} else {
SSH.MinimumKeySizes = map[string]int{}
for _, key := range File.Section("ssh.minimum_key_sizes").Keys() {
@@ -346,6 +348,11 @@ func Init(customConf string) error {
LFS.ObjectsPath = ensureAbs(LFS.ObjectsPath)
handleDeprecated()
if !HookMode {
for _, warning := range checkInvalidOptions(File) {
log.Warn("%s", warning)
}
}
if err = File.Section("cache").MapTo(&Cache); err != nil {
return errors.Wrap(err, "mapping [cache] section")

81
internal/conf/static.go
View File

@@ -1,11 +1,15 @@
package conf
import (
"fmt"
"net/url"
"os"
"time"
"github.com/gogs/go-libravatar"
"gopkg.in/ini.v1"
"gogs.io/gogs/conf"
)
// README: This file contains static values that should only be set at initialization time.
@@ -430,6 +434,83 @@ func handleDeprecated() {
// }
}
// checkInvalidOptions checks invalid (renamed/deleted) configuration sections
// and options and returns a list of warnings.
//
// LEGACY [0.15]: Delete this function.
func checkInvalidOptions(config *ini.File) (warnings []string) {
renamedSections := map[string]string{
"mailer": "email",
"service": "auth",
}
for oldSection, newSection := range renamedSections {
if len(config.Section(oldSection).KeyStrings()) > 0 {
warnings = append(warnings, fmt.Sprintf("section [%s] is invalid, use [%s] instead", oldSection, newSection))
}
}
type optionPath struct {
section string
option string
}
renamedOptionPaths := map[optionPath]optionPath{
{"security", "REVERSE_PROXY_AUTHENTICATION_USER"}: {"auth", "REVERSE_PROXY_AUTHENTICATION_HEADER"},
{"auth", "ACTIVE_CODE_LIVE_MINUTES"}: {"auth", "ACTIVATE_CODE_LIVES"},
{"auth", "RESET_PASSWD_CODE_LIVE_MINUTES"}: {"auth", "RESET_PASSWORD_CODE_LIVES"},
{"auth", "ENABLE_CAPTCHA"}: {"auth", "ENABLE_REGISTRATION_CAPTCHA"},
{"auth", "ENABLE_NOTIFY_MAIL"}: {"user", "ENABLE_EMAIL_NOTIFICATION"},
{"auth", "REGISTER_EMAIL_CONFIRM"}: {"auth", "REQUIRE_EMAIL_CONFIRMATION"},
{"session", "GC_INTERVAL_TIME"}: {"session", "GC_INTERVAL"},
{"session", "SESSION_LIFE_TIME"}: {"session", "MAX_LIFE_TIME"},
{"server", "ROOT_URL"}: {"server", "EXTERNAL_URL"},
{"server", "LANDING_PAGE"}: {"server", "LANDING_URL"},
{"database", "DB_TYPE"}: {"database", "TYPE"},
{"database", "PASSWD"}: {"database", "PASSWORD"},
}
for oldPath, newPath := range renamedOptionPaths {
if config.Section(oldPath.section).HasKey(oldPath.option) {
warnings = append(
warnings,
fmt.Sprintf("option [%s] %s is invalid, use [%s] %s instead",
oldPath.section, oldPath.option,
newPath.section, newPath.option,
),
)
}
}
// Check options that don't exist anymore.
defaultConfigData, err := conf.Files.ReadFile("app.ini")
if err != nil {
// Warning is best-effort, OK to skip on error.
return warnings
}
defaultConfig, err := ini.LoadSources(
ini.LoadOptions{IgnoreInlineComment: true},
defaultConfigData,
)
if err != nil {
// Warning is best-effort, OK to skip on error.
return warnings
}
for _, section := range config.Sections() {
// Skip sections already warned about.
if _, ok := renamedSections[section.Name()]; ok {
continue
}
for _, option := range section.Keys() {
if _, ok := renamedOptionPaths[optionPath{section.Name(), option.Name()}]; ok {
continue
}
if !defaultConfig.Section(section.Name()).HasKey(option.Name()) {
warnings = append(warnings, fmt.Sprintf("option [%s] %s is invalid", section.Name(), option.Name()))
}
}
}
return warnings
}
// HookMode indicates whether program starts as Git server-side hook callback.
// All operations should be done synchronously to prevent program exits before finishing.
//

47
internal/conf/static_test.go
View File

@@ -1,9 +1,11 @@
package conf
import (
"sort"
"testing"
"github.com/stretchr/testify/assert"
"gopkg.in/ini.v1"
)
func Test_i18n_DateLang(t *testing.T) {
@@ -29,3 +31,48 @@ func Test_i18n_DateLang(t *testing.T) {
})
}
}
func TestCheckInvalidOptions(t *testing.T) {
cfg := ini.Empty()
_, _ = cfg.Section("mailer").NewKey("ENABLED", "true")
_, _ = cfg.Section("service").NewKey("START_TYPE", "true")
_, _ = cfg.Section("security").NewKey("REVERSE_PROXY_AUTHENTICATION_USER", "true")
_, _ = cfg.Section("auth").NewKey("ACTIVE_CODE_LIVE_MINUTES", "10")
_, _ = cfg.Section("auth").NewKey("RESET_PASSWD_CODE_LIVE_MINUTES", "10")
_, _ = cfg.Section("auth").NewKey("ENABLE_CAPTCHA", "true")
_, _ = cfg.Section("auth").NewKey("ENABLE_NOTIFY_MAIL", "true")
_, _ = cfg.Section("auth").NewKey("REGISTER_EMAIL_CONFIRM", "true")
_, _ = cfg.Section("session").NewKey("GC_INTERVAL_TIME", "10")
_, _ = cfg.Section("session").NewKey("SESSION_LIFE_TIME", "10")
_, _ = cfg.Section("server").NewKey("ROOT_URL", "true")
_, _ = cfg.Section("server").NewKey("LANDING_PAGE", "true")
_, _ = cfg.Section("database").NewKey("DB_TYPE", "true")
_, _ = cfg.Section("database").NewKey("PASSWD", "true")
_, _ = cfg.Section("other").NewKey("SHOW_FOOTER_BRANDING", "true")
_, _ = cfg.Section("other").NewKey("SHOW_FOOTER_TEMPLATE_LOAD_TIME", "true")
_, _ = cfg.Section("email").NewKey("ENABLED", "true")
_, _ = cfg.Section("server").NewKey("NONEXISTENT_OPTION", "true")
wantWarnings := []string{
"option [auth] ACTIVE_CODE_LIVE_MINUTES is invalid, use [auth] ACTIVATE_CODE_LIVES instead",
"option [auth] ENABLE_CAPTCHA is invalid, use [auth] ENABLE_REGISTRATION_CAPTCHA instead",
"option [auth] ENABLE_NOTIFY_MAIL is invalid, use [user] ENABLE_EMAIL_NOTIFICATION instead",
"option [auth] REGISTER_EMAIL_CONFIRM is invalid, use [auth] REQUIRE_EMAIL_CONFIRMATION instead",
"option [auth] RESET_PASSWD_CODE_LIVE_MINUTES is invalid, use [auth] RESET_PASSWORD_CODE_LIVES instead",
"option [database] DB_TYPE is invalid, use [database] TYPE instead",
"option [database] PASSWD is invalid, use [database] PASSWORD instead",
"option [security] REVERSE_PROXY_AUTHENTICATION_USER is invalid, use [auth] REVERSE_PROXY_AUTHENTICATION_HEADER instead",
"option [session] GC_INTERVAL_TIME is invalid, use [session] GC_INTERVAL instead",
"option [session] SESSION_LIFE_TIME is invalid, use [session] MAX_LIFE_TIME instead",
"section [mailer] is invalid, use [email] instead",
"section [service] is invalid, use [auth] instead",
"option [server] ROOT_URL is invalid, use [server] EXTERNAL_URL instead",
"option [server] LANDING_PAGE is invalid, use [server] LANDING_URL instead",
"option [server] NONEXISTENT_OPTION is invalid",
}
gotWarnings := checkInvalidOptions(cfg)
sort.Strings(wantWarnings)
sort.Strings(gotWarnings)
assert.Equal(t, wantWarnings, gotWarnings)
}

5
internal/conf/testdata/custom.ini vendored
View File

@@ -28,9 +28,8 @@ PASSWORD = 87654321
ACTIVATE_CODE_LIVES = 10
RESET_PASSWORD_CODE_LIVES = 10
REQUIRE_EMAIL_CONFIRMATION = true
ENABLE_CAPTCHA = true
ENABLE_NOTIFY_MAIL = true
REVERSE_PROXY_AUTHENTICATION_HEADER=X-FORWARDED-FOR
ENABLE_REGISTRATION_CAPTCHA = true
REVERSE_PROXY_AUTHENTICATION_HEADER = X-FORWARDED-FOR
[user]
ENABLE_EMAIL_NOTIFICATION = true

4
internal/context/context.go
View File

@@ -147,13 +147,13 @@ func (c *Context) RedirectSubpath(location string, status ...int) {
}
// RenderWithErr used for page has form validation but need to prompt error to users.
func (c *Context) RenderWithErr(msg, tpl string, f any) {
func (c *Context) RenderWithErr(msg string, status int, tpl string, f any) {
if f != nil {
form.Assign(f, c.Data)
}
c.Flash.ErrorMsg = msg
c.Data["Flash"] = c.Flash
c.HTML(http.StatusOK, tpl)
c.HTML(status, tpl)
}
// NotFound renders the 404 page.

52
internal/database/actions_test.go
View File

@@ -142,6 +142,11 @@ func actionsCommitRepo(t *testing.T, ctx context.Context, s *ActionsStore) {
now := time.Unix(1588568886, 0).UTC()
conf.SetMockSSH(t, conf.SSHOpts{})
conf.SetMockUI(t, conf.UIOpts{
User: conf.UIUserOpts{
NewsFeedPagingNum: 20,
},
})
t.Run("new commit", func(t *testing.T) {
t.Cleanup(func() {
@@ -432,6 +437,12 @@ func actionsListByUser(t *testing.T, ctx context.Context, s *ActionsStore) {
}
func actionsMergePullRequest(t *testing.T, ctx context.Context, s *ActionsStore) {
conf.SetMockUI(t, conf.UIOpts{
User: conf.UIUserOpts{
NewsFeedPagingNum: 20,
},
})
alice, err := newUsersStore(s.db).Create(ctx, "alice", "alice@example.com", CreateUserOptions{})
require.NoError(t, err)
repo, err := newReposStore(s.db).Create(ctx,
@@ -477,6 +488,12 @@ func actionsMergePullRequest(t *testing.T, ctx context.Context, s *ActionsStore)
}
func actionsMirrorSyncCreate(t *testing.T, ctx context.Context, s *ActionsStore) {
conf.SetMockUI(t, conf.UIOpts{
User: conf.UIUserOpts{
NewsFeedPagingNum: 20,
},
})
alice, err := newUsersStore(s.db).Create(ctx, "alice", "alice@example.com", CreateUserOptions{})
require.NoError(t, err)
repo, err := newReposStore(s.db).Create(ctx,
@@ -518,6 +535,12 @@ func actionsMirrorSyncCreate(t *testing.T, ctx context.Context, s *ActionsStore)
}
func actionsMirrorSyncDelete(t *testing.T, ctx context.Context, s *ActionsStore) {
conf.SetMockUI(t, conf.UIOpts{
User: conf.UIUserOpts{
NewsFeedPagingNum: 20,
},
})
alice, err := newUsersStore(s.db).Create(ctx, "alice", "alice@example.com", CreateUserOptions{})
require.NoError(t, err)
repo, err := newReposStore(s.db).Create(ctx,
@@ -559,6 +582,12 @@ func actionsMirrorSyncDelete(t *testing.T, ctx context.Context, s *ActionsStore)
}
func actionsMirrorSyncPush(t *testing.T, ctx context.Context, s *ActionsStore) {
conf.SetMockUI(t, conf.UIOpts{
User: conf.UIUserOpts{
NewsFeedPagingNum: 20,
},
})
alice, err := newUsersStore(s.db).Create(ctx, "alice", "alice@example.com", CreateUserOptions{})
require.NoError(t, err)
repo, err := newReposStore(s.db).Create(ctx,
@@ -624,6 +653,12 @@ func actionsMirrorSyncPush(t *testing.T, ctx context.Context, s *ActionsStore) {
}
func actionsNewRepo(t *testing.T, ctx context.Context, s *ActionsStore) {
conf.SetMockUI(t, conf.UIOpts{
User: conf.UIUserOpts{
NewsFeedPagingNum: 20,
},
})
alice, err := newUsersStore(s.db).Create(ctx, "alice", "alice@example.com", CreateUserOptions{})
require.NoError(t, err)
repo, err := newReposStore(s.db).Create(ctx,
@@ -703,6 +738,11 @@ func actionsPushTag(t *testing.T, ctx context.Context, s *ActionsStore) {
// to the mock server because this function holds a lock.
conf.SetMockServer(t, conf.ServerOpts{})
conf.SetMockSSH(t, conf.SSHOpts{})
conf.SetMockUI(t, conf.UIOpts{
User: conf.UIUserOpts{
NewsFeedPagingNum: 20,
},
})
alice, err := newUsersStore(s.db).Create(ctx, "alice", "alice@example.com", CreateUserOptions{})
require.NoError(t, err)
@@ -796,6 +836,12 @@ func actionsPushTag(t *testing.T, ctx context.Context, s *ActionsStore) {
}
func actionsRenameRepo(t *testing.T, ctx context.Context, s *ActionsStore) {
conf.SetMockUI(t, conf.UIOpts{
User: conf.UIUserOpts{
NewsFeedPagingNum: 20,
},
})
alice, err := newUsersStore(s.db).Create(ctx, "alice", "alice@example.com", CreateUserOptions{})
require.NoError(t, err)
repo, err := newReposStore(s.db).Create(ctx,
@@ -833,6 +879,12 @@ func actionsRenameRepo(t *testing.T, ctx context.Context, s *ActionsStore) {
}
func actionsTransferRepo(t *testing.T, ctx context.Context, s *ActionsStore) {
conf.SetMockUI(t, conf.UIOpts{
User: conf.UIUserOpts{
NewsFeedPagingNum: 20,
},
})
alice, err := newUsersStore(s.db).Create(ctx, "alice", "alice@example.com", CreateUserOptions{})
require.NoError(t, err)
bob, err := newUsersStore(s.db).Create(ctx, "bob", "bob@example.com", CreateUserOptions{})

1
internal/database/main_test.go
View File

@@ -8,7 +8,6 @@ import (
"gorm.io/gorm"
"gorm.io/gorm/logger"
_ "modernc.org/sqlite"
log "unknwon.dev/clog/v2"
"gogs.io/gogs/internal/conf"

1
internal/database/migrations/main_test.go
View File

@@ -7,7 +7,6 @@ import (
"testing"
"gorm.io/gorm/logger"
_ "modernc.org/sqlite"
log "unknwon.dev/clog/v2"
"gogs.io/gogs/internal/testutil"

4
internal/database/models.go
View File

@@ -11,6 +11,7 @@ import (
"time"
"github.com/cockroachdb/errors"
"github.com/glebarez/go-sqlite"
"gorm.io/gorm"
"gorm.io/gorm/logger"
log "unknwon.dev/clog/v2"
@@ -45,6 +46,9 @@ var (
)
func init() {
// Register the pure-Go SQLite driver as "sqlite3" for XORM compatibility.
sql.Register("sqlite3", &sqlite.Driver{})
legacyTables = append(legacyTables,
new(User), new(PublicKey), new(TwoFactor), new(TwoFactorRecoveryCode),
new(Repository), new(DeployKey), new(Collaboration), new(Upload),

4
internal/database/repo.go
View File

@@ -2408,7 +2408,7 @@ func GetWatchers(repoID int64) ([]*Watch, error) {
func (r *Repository) GetWatchers(page int) ([]*User, error) {
users := make([]*User, 0, ItemsPerPage)
sess := x.Limit(ItemsPerPage, (page-1)*ItemsPerPage).Where("watch.repo_id=?", r.ID)
if conf.UsePostgreSQL {
if conf.UsePostgreSQL || conf.UseMSSQL {
sess = sess.Join("LEFT", "watch", `"user".id=watch.user_id`)
} else {
sess = sess.Join("LEFT", "watch", "user.id=watch.user_id")
@@ -2508,7 +2508,7 @@ func IsStaring(userID, repoID int64) bool {
func (r *Repository) GetStargazers(page int) ([]*User, error) {
users := make([]*User, 0, ItemsPerPage)
sess := x.Limit(ItemsPerPage, (page-1)*ItemsPerPage).Where("star.repo_id=?", r.ID)
if conf.UsePostgreSQL {
if conf.UsePostgreSQL || conf.UseMSSQL {
sess = sess.Join("LEFT", "star", `"user".id=star.uid`)
} else {
sess = sess.Join("LEFT", "star", "user.id=star.uid")

7
internal/database/repo_editor.go
View File

@@ -23,7 +23,6 @@ import (
"gogs.io/gogs/internal/osutil"
"gogs.io/gogs/internal/pathutil"
"gogs.io/gogs/internal/process"
"gogs.io/gogs/internal/tool"
)
// BranchAlreadyExists represents an error when branch already exists.
@@ -415,8 +414,10 @@ func (upload *Upload) LocalPath() string {
// NewUpload creates a new upload object.
func NewUpload(name string, buf []byte, file multipart.File) (_ *Upload, err error) {
if tool.IsMaliciousPath(name) {
return nil, errors.Newf("malicious path detected: %s", name)
// 🚨 SECURITY: Prevent path traversal.
name = pathutil.Clean(name)
if name == "" {
return nil, errors.New("empty file name")
}
upload := &Upload{

6
internal/database/schemadoc/main.go
View File

@@ -8,11 +8,11 @@ import (
"strings"
"github.com/cockroachdb/errors"
"github.com/glebarez/sqlite"
"github.com/olekukonko/tablewriter"
"gopkg.in/DATA-DOG/go-sqlmock.v2"
"gorm.io/driver/mysql"
"gorm.io/driver/postgres"
"gorm.io/driver/sqlite"
"gorm.io/gorm"
"gorm.io/gorm/clause"
"gorm.io/gorm/schema"
@@ -65,11 +65,13 @@ func main() {
table.SetHeader([]string{"Field", "Column", "PostgreSQL", "MySQL", "SQLite3"})
table.SetBorder(false)
for j, f := range ti.Fields {
sqlite3Type := strings.ToUpper(collected[2][i].Fields[j].Type)
sqlite3Type = strings.ReplaceAll(sqlite3Type, "PRIMARY KEY ", "")
table.Append([]string{
f.Name, f.Column,
strings.ToUpper(f.Type), // PostgreSQL
strings.ToUpper(collected[1][i].Fields[j].Type), // MySQL
strings.ToUpper(collected[2][i].Fields[j].Type), // SQLite3
sqlite3Type,
})
}
table.Render()

16
internal/database/ssh_key.go
View File

@@ -175,8 +175,8 @@ func parseKeyString(content string) (string, error) {
// writeTmpKeyFile writes key content to a temporary file
// and returns the name of that file, along with any possible errors.
func writeTmpKeyFile(content string) (string, error) {
tmpFile, err := os.CreateTemp(conf.SSH.KeyTestPath, "gogs_keytest")
func writeTmpKeyFile(content, keyTestPath string) (string, error) {
tmpFile, err := os.CreateTemp(keyTestPath, "gogs_keytest")
if err != nil {
return "", errors.Newf("TempFile: %v", err)
}
@@ -188,15 +188,15 @@ func writeTmpKeyFile(content string) (string, error) {
return tmpFile.Name(), nil
}
// SSHKeyGenParsePublicKey extracts key type and length using ssh-keygen.
func SSHKeyGenParsePublicKey(key string) (string, int, error) {
tmpName, err := writeTmpKeyFile(key)
// SSHKeygenParsePublicKey extracts key type and length using ssh-keygen.
func SSHKeygenParsePublicKey(key, keyTestPath, keygenPath string) (string, int, error) {
tmpName, err := writeTmpKeyFile(key, keyTestPath)
if err != nil {
return "", 0, errors.Newf("writeTmpKeyFile: %v", err)
}
defer os.Remove(tmpName)
stdout, stderr, err := process.Exec("SSHKeyGenParsePublicKey", conf.SSH.KeygenPath, "-lf", tmpName)
stdout, stderr, err := process.Exec("SSHKeygenParsePublicKey", keygenPath, "-lf", tmpName)
if err != nil {
return "", 0, errors.Newf("fail to parse public key: %s - %s", err, stderr)
}
@@ -301,8 +301,8 @@ func CheckPublicKeyString(content string) (_ string, err error) {
fnName = "SSHNativeParsePublicKey"
keyType, length, err = SSHNativeParsePublicKey(content)
} else {
fnName = "SSHKeyGenParsePublicKey"
keyType, length, err = SSHKeyGenParsePublicKey(content)
fnName = "SSHKeygenParsePublicKey"
keyType, length, err = SSHKeygenParsePublicKey(content, conf.SSH.KeyTestPath, conf.SSH.KeygenPath)
}
if err != nil {
return "", errors.Newf("%s: %v", fnName, err)

24
internal/database/ssh_key_test.go
View File

@@ -4,13 +4,11 @@ import (
"testing"
"github.com/stretchr/testify/assert"
"gogs.io/gogs/internal/conf"
"github.com/stretchr/testify/require"
)
func Test_SSHParsePublicKey(t *testing.T) {
// TODO: Refactor SSHKeyGenParsePublicKey to accept a tempPath and remove this init.
conf.MustInit("")
func TestSSHParsePublicKey(t *testing.T) {
tempPath := t.TempDir()
tests := []struct {
name string
content string
@@ -53,20 +51,22 @@ func Test_SSHParsePublicKey(t *testing.T) {
expType: "ecdsa",
expLength: 521,
},
{
name: "ed25519-256",
content: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICGYutovQfTewtcodVN1E1UUzMk4GQfiRI5ZoP/kTlDb nocomment",
expType: "ed25519",
expLength: 256,
},
}
for _, test := range tests {
t.Run(test.name, func(t *testing.T) {
typ, length, err := SSHNativeParsePublicKey(test.content)
if err != nil {
t.Fatal(err)
}
require.NoError(t, err)
assert.Equal(t, test.expType, typ)
assert.Equal(t, test.expLength, length)
typ, length, err = SSHKeyGenParsePublicKey(test.content)
if err != nil {
t.Fatal(err)
}
typ, length, err = SSHKeygenParsePublicKey(test.content, tempPath, "ssh-keygen")
require.NoError(t, err)
assert.Equal(t, test.expType, typ)
assert.Equal(t, test.expLength, length)
})

36
internal/database/users_test.go
View File

@@ -465,7 +465,7 @@ func usersDeleteByID(t *testing.T, ctx context.Context, s *UsersStore) {
reposStore := newReposStore(s.db)
t.Run("user still has repository ownership", func(t *testing.T) {
alice, err := s.Create(ctx, "alice", "alice@exmaple.com", CreateUserOptions{})
alice, err := s.Create(ctx, "alice", "alice@example.com", CreateUserOptions{})
require.NoError(t, err)
_, err = reposStore.Create(ctx, alice.ID, CreateRepoOptions{Name: "repo1"})
@@ -477,7 +477,7 @@ func usersDeleteByID(t *testing.T, ctx context.Context, s *UsersStore) {
})
t.Run("user still has organization membership", func(t *testing.T) {
bob, err := s.Create(ctx, "bob", "bob@exmaple.com", CreateUserOptions{})
bob, err := s.Create(ctx, "bob", "bob@example.com", CreateUserOptions{})
require.NoError(t, err)
// TODO: Use Orgs.Create to replace SQL hack when the method is available.
@@ -498,14 +498,14 @@ func usersDeleteByID(t *testing.T, ctx context.Context, s *UsersStore) {
assert.Equal(t, wantErr, err)
})
cindy, err := s.Create(ctx, "cindy", "cindy@exmaple.com", CreateUserOptions{})
cindy, err := s.Create(ctx, "cindy", "cindy@example.com", CreateUserOptions{})
require.NoError(t, err)
frank, err := s.Create(ctx, "frank", "frank@exmaple.com", CreateUserOptions{})
frank, err := s.Create(ctx, "frank", "frank@example.com", CreateUserOptions{})
require.NoError(t, err)
repo2, err := reposStore.Create(ctx, cindy.ID, CreateRepoOptions{Name: "repo2"})
require.NoError(t, err)
testUser, err := s.Create(ctx, "testUser", "testUser@exmaple.com", CreateUserOptions{})
testUser, err := s.Create(ctx, "testUser", "testUser@example.com", CreateUserOptions{})
require.NoError(t, err)
// Mock watches, stars and follows
@@ -673,14 +673,14 @@ func usersDeleteByID(t *testing.T, ctx context.Context, s *UsersStore) {
func usersDeleteInactivated(t *testing.T, ctx context.Context, s *UsersStore) {
// User with repository ownership should be skipped
alice, err := s.Create(ctx, "alice", "alice@exmaple.com", CreateUserOptions{})
alice, err := s.Create(ctx, "alice", "alice@example.com", CreateUserOptions{})
require.NoError(t, err)
reposStore := newReposStore(s.db)
_, err = reposStore.Create(ctx, alice.ID, CreateRepoOptions{Name: "repo1"})
require.NoError(t, err)
// User with organization membership should be skipped
bob, err := s.Create(ctx, "bob", "bob@exmaple.com", CreateUserOptions{})
bob, err := s.Create(ctx, "bob", "bob@example.com", CreateUserOptions{})
require.NoError(t, err)
// TODO: Use Orgs.Create to replace SQL hack when the method is available.
org1, err := s.Create(ctx, "org1", "org1@example.com", CreateUserOptions{})
@@ -695,11 +695,11 @@ func usersDeleteInactivated(t *testing.T, ctx context.Context, s *UsersStore) {
require.NoError(t, err)
// User activated state should be skipped
_, err = s.Create(ctx, "cindy", "cindy@exmaple.com", CreateUserOptions{Activated: true})
_, err = s.Create(ctx, "cindy", "cindy@example.com", CreateUserOptions{Activated: true})
require.NoError(t, err)
// User meant to be deleted
david, err := s.Create(ctx, "david", "david@exmaple.com", CreateUserOptions{})
david, err := s.Create(ctx, "david", "david@example.com", CreateUserOptions{})
require.NoError(t, err)
tempSSHRootPath := filepath.Join(os.TempDir(), "usersDeleteInactivated-tempSSHRootPath")
@@ -726,7 +726,7 @@ func usersGetByEmail(t *testing.T, ctx context.Context, s *UsersStore) {
t.Run("ignore organization", func(t *testing.T) {
// TODO: Use Orgs.Create to replace SQL hack when the method is available.
org, err := s.Create(ctx, "gogs", "gogs@exmaple.com", CreateUserOptions{})
org, err := s.Create(ctx, "gogs", "gogs@example.com", CreateUserOptions{})
require.NoError(t, err)
err = s.db.Model(&User{}).Where("id", org.ID).UpdateColumn("type", UserTypeOrganization).Error
@@ -738,7 +738,7 @@ func usersGetByEmail(t *testing.T, ctx context.Context, s *UsersStore) {
})
t.Run("by primary email", func(t *testing.T) {
alice, err := s.Create(ctx, "alice", "alice@exmaple.com", CreateUserOptions{})
alice, err := s.Create(ctx, "alice", "alice@example.com", CreateUserOptions{})
require.NoError(t, err)
_, err = s.GetByEmail(ctx, alice.Email)
@@ -760,7 +760,7 @@ func usersGetByEmail(t *testing.T, ctx context.Context, s *UsersStore) {
require.NoError(t, err)
// TODO: Use UserEmails.Create to replace SQL hack when the method is available.
email2 := "bob2@exmaple.com"
email2 := "bob2@example.com"
err = s.db.Exec(`INSERT INTO email_address (uid, email) VALUES (?, ?)`, bob.ID, email2).Error
require.NoError(t, err)
@@ -779,7 +779,7 @@ func usersGetByEmail(t *testing.T, ctx context.Context, s *UsersStore) {
}
func usersGetByID(t *testing.T, ctx context.Context, s *UsersStore) {
alice, err := s.Create(ctx, "alice", "alice@exmaple.com", CreateUserOptions{})
alice, err := s.Create(ctx, "alice", "alice@example.com", CreateUserOptions{})
require.NoError(t, err)
user, err := s.GetByID(ctx, alice.ID)
@@ -792,7 +792,7 @@ func usersGetByID(t *testing.T, ctx context.Context, s *UsersStore) {
}
func usersGetByUsername(t *testing.T, ctx context.Context, s *UsersStore) {
alice, err := s.Create(ctx, "alice", "alice@exmaple.com", CreateUserOptions{})
alice, err := s.Create(ctx, "alice", "alice@example.com", CreateUserOptions{})
require.NoError(t, err)
user, err := s.GetByUsername(ctx, alice.Name)
@@ -805,7 +805,7 @@ func usersGetByUsername(t *testing.T, ctx context.Context, s *UsersStore) {
}
func usersGetByKeyID(t *testing.T, ctx context.Context, s *UsersStore) {
alice, err := s.Create(ctx, "alice", "alice@exmaple.com", CreateUserOptions{})
alice, err := s.Create(ctx, "alice", "alice@example.com", CreateUserOptions{})
require.NoError(t, err)
// TODO: Use PublicKeys.Create to replace SQL hack when the method is available.
@@ -830,11 +830,11 @@ func usersGetByKeyID(t *testing.T, ctx context.Context, s *UsersStore) {
}
func usersGetMailableEmailsByUsernames(t *testing.T, ctx context.Context, s *UsersStore) {
alice, err := s.Create(ctx, "alice", "alice@exmaple.com", CreateUserOptions{})
alice, err := s.Create(ctx, "alice", "alice@example.com", CreateUserOptions{})
require.NoError(t, err)
bob, err := s.Create(ctx, "bob", "bob@exmaple.com", CreateUserOptions{Activated: true})
bob, err := s.Create(ctx, "bob", "bob@example.com", CreateUserOptions{Activated: true})
require.NoError(t, err)
_, err = s.Create(ctx, "cindy", "cindy@exmaple.com", CreateUserOptions{Activated: true})
_, err = s.Create(ctx, "cindy", "cindy@example.com", CreateUserOptions{Activated: true})
require.NoError(t, err)
got, err := s.GetMailableEmailsByUsernames(ctx, []string{alice.Name, bob.Name, "ignore-non-exist"})

13
internal/dbtest/dbtest.go
View File

@@ -96,19 +96,6 @@ func NewDB(t *testing.T, suite string, tables ...any) *gorm.DB {
_, _ = sqlDB.Exec(fmt.Sprintf(`DROP DATABASE %q`, dbName))
_ = sqlDB.Close()
}
case "sqlite":
dbName = filepath.Join(os.TempDir(), fmt.Sprintf("gogs-%s-%d.db", suite, time.Now().Unix()))
dbOpts = conf.DatabaseOpts{
Type: "sqlite",
Path: dbName,
}
cleanup = func(db *gorm.DB) {
sqlDB, err := db.DB()
if err == nil {
_ = sqlDB.Close()
}
_ = os.Remove(dbName)
}
default:
dbName = filepath.Join(os.TempDir(), fmt.Sprintf("gogs-%s-%d.db", suite, time.Now().Unix()))
dbOpts = conf.DatabaseOpts{

7
internal/dbutil/dsn.go
View File

@@ -5,9 +5,9 @@ import (
"strings"
"github.com/cockroachdb/errors"
"github.com/glebarez/sqlite"
"gorm.io/driver/mysql"
"gorm.io/driver/postgres"
"gorm.io/driver/sqlite"
"gorm.io/driver/sqlserver"
"gorm.io/gorm"
@@ -73,7 +73,7 @@ func NewDSN(opts conf.DatabaseOpts) (dsn string, err error) {
dsn = fmt.Sprintf("server=%s; port=%s; database=%s; user id=%s; password=%s;",
host, port, opts.Name, opts.User, opts.Password)
case "sqlite3", "sqlite":
case "sqlite3":
dsn = "file:" + opts.Path + "?cache=shared&mode=rwc"
default:
@@ -101,9 +101,6 @@ func OpenDB(opts conf.DatabaseOpts, cfg *gorm.Config) (*gorm.DB, error) {
dialector = sqlserver.Open(dsn)
case "sqlite3":
dialector = sqlite.Open(dsn)
case "sqlite":
dialector = sqlite.Open(dsn)
dialector.(*sqlite.Dialector).DriverName = "sqlite"
default:
panic("unreachable")
}

2
internal/gitutil/diff.go
View File

@@ -73,7 +73,7 @@ func (s *DiffSection) ComputedInlineDiffFor(line *git.DiffLine) template.HTML {
func diffsToHTML(diffs []diffmatchpatch.Diff, lineType git.DiffLineType) template.HTML {
buf := bytes.NewBuffer(nil)
// Reproduce signs which are cutted for inline diff before.
// Reproduce signs which are cut for inline diff before.
switch lineType {
case git.DiffLineAdd:
buf.WriteByte('+')

6
internal/route/admin/auths.go
View File

@@ -151,7 +151,7 @@ func NewAuthSourcePost(c *context.Context, f form.Authentication) {
c.Data["HasTLS"] = hasTLS
if c.HasError() {
c.Success(tmplAdminAuthNew)
c.HTML(http.StatusBadRequest, tmplAdminAuthNew)
return
}
@@ -167,7 +167,7 @@ func NewAuthSourcePost(c *context.Context, f form.Authentication) {
if err != nil {
if database.IsErrLoginSourceAlreadyExist(err) {
c.FormErr("Name")
c.RenderWithErr(c.Tr("admin.auths.login_source_exist", f.Name), tmplAdminAuthNew, f)
c.RenderWithErr(c.Tr("admin.auths.login_source_exist", f.Name), http.StatusUnprocessableEntity, tmplAdminAuthNew, f)
} else {
c.Error(err, "create login source")
}
@@ -223,7 +223,7 @@ func EditAuthSourcePost(c *context.Context, f form.Authentication) {
c.Data["HasTLS"] = source.Provider.HasTLS()
if c.HasError() {
c.Success(tmplAdminAuthEdit)
c.HTML(http.StatusBadRequest, tmplAdminAuthEdit)
return
}

13
internal/route/admin/users.go
View File

@@ -1,6 +1,7 @@
package admin
import (
"net/http"
"strconv"
"strings"
@@ -68,7 +69,7 @@ func NewUserPost(c *context.Context, f form.AdminCrateUser) {
c.Data["CanSendEmail"] = conf.Email.Enabled
if c.HasError() {
c.Success(tmplAdminUserNew)
c.HTML(http.StatusBadRequest, tmplAdminUserNew)
return
}
@@ -89,13 +90,13 @@ func NewUserPost(c *context.Context, f form.AdminCrateUser) {
switch {
case database.IsErrUserAlreadyExist(err):
c.Data["Err_UserName"] = true
c.RenderWithErr(c.Tr("form.username_been_taken"), tmplAdminUserNew, &f)
c.RenderWithErr(c.Tr("form.username_been_taken"), http.StatusUnprocessableEntity, tmplAdminUserNew, &f)
case database.IsErrEmailAlreadyUsed(err):
c.Data["Err_Email"] = true
c.RenderWithErr(c.Tr("form.email_been_used"), tmplAdminUserNew, &f)
c.RenderWithErr(c.Tr("form.email_been_used"), http.StatusUnprocessableEntity, tmplAdminUserNew, &f)
case database.IsErrNameNotAllowed(err):
c.Data["Err_UserName"] = true
c.RenderWithErr(c.Tr("user.form.name_not_allowed", err.(database.ErrNameNotAllowed).Value()), tmplAdminUserNew, &f)
c.RenderWithErr(c.Tr("user.form.name_not_allowed", err.(database.ErrNameNotAllowed).Value()), http.StatusBadRequest, tmplAdminUserNew, &f)
default:
c.Error(err, "create user")
}
@@ -166,7 +167,7 @@ func EditUserPost(c *context.Context, f form.AdminEditUser) {
}
if c.HasError() {
c.Success(tmplAdminUserEdit)
c.HTML(http.StatusBadRequest, tmplAdminUserEdit)
return
}
@@ -203,7 +204,7 @@ func EditUserPost(c *context.Context, f form.AdminEditUser) {
if err != nil {
if database.IsErrEmailAlreadyUsed(err) {
c.Data["Err_Email"] = true
c.RenderWithErr(c.Tr("form.email_been_used"), tmplAdminUserEdit, &f)
c.RenderWithErr(c.Tr("form.email_been_used"), http.StatusUnprocessableEntity, tmplAdminUserEdit, &f)
} else {
c.Error(err, "update user")
}

4
internal/route/api/v1/repo/contents.go
View File

@@ -137,13 +137,13 @@ func GetContents(c *context.APIContext) {
}
// The entry is a directory
dir, err := gitRepo.LsTree(entry.ID().String())
dir, err := gitRepo.LsTree(entry.ID().String(), git.LsTreeOptions{Verbatim: true})
if err != nil {
c.NotFoundOrError(gitutil.NewError(err), "get tree")
return
}
entries, err := dir.Entries()
entries, err := dir.Entries(git.LsTreeOptions{Verbatim: true})
if err != nil {
c.NotFoundOrError(gitutil.NewError(err), "list entries")
return

22
internal/route/api/v1/repo/issue_comment.go
View File

@@ -88,6 +88,17 @@ func EditIssueComment(c *context.APIContext, form api.EditIssueCommentOption) {
return
}
issue, err := database.GetIssueByID(comment.IssueID)
if err != nil {
c.NotFoundOrError(err, "get issue by ID")
return
}
if issue.RepoID != c.Repo.Repository.ID {
c.NotFound()
return
}
if c.User.ID != comment.PosterID && !c.Repo.IsAdmin() {
c.Status(http.StatusForbidden)
return
@@ -112,6 +123,17 @@ func DeleteIssueComment(c *context.APIContext) {
return
}
issue, err := database.GetIssueByID(comment.IssueID)
if err != nil {
c.NotFoundOrError(err, "get issue by ID")
return
}
if issue.RepoID != c.Repo.Repository.ID {
c.NotFound()
return
}
if c.User.ID != comment.PosterID && !c.Repo.IsAdmin() {
c.Status(http.StatusForbidden)
return

18
internal/route/api/v1/repo/key.go
View File

@@ -45,6 +45,11 @@ func GetDeployKey(c *context.APIContext) {
return
}
if key.RepoID != c.Repo.Repository.ID {
c.NotFound()
return
}
if err = key.GetContent(); err != nil {
c.Error(err, "get content")
return
@@ -94,7 +99,18 @@ func CreateDeployKey(c *context.APIContext, form api.CreateKeyOption) {
// https://github.com/gogs/go-gogs-client/wiki/Repositories-Deploy-Keys#remove-a-deploy-key
func DeleteDeploykey(c *context.APIContext) {
if err := database.DeleteDeployKey(c.User, c.ParamsInt64(":id")); err != nil {
key, err := database.GetDeployKeyByID(c.ParamsInt64(":id"))
if err != nil {
c.NotFoundOrError(err, "get deploy key by ID")
return
}
if key.RepoID != c.Repo.Repository.ID {
c.NotFound()
return
}
if err := database.DeleteDeployKey(c.User, key.ID); err != nil {
if database.IsErrKeyAccessDenied(err) {
c.ErrorStatus(http.StatusForbidden, errors.New("You do not have access to this key"))
} else {

4
internal/route/api/v1/repo/tree.go
View File

@@ -17,13 +17,13 @@ func GetRepoGitTree(c *context.APIContext) {
}
sha := c.Params(":sha")
tree, err := gitRepo.LsTree(sha)
tree, err := gitRepo.LsTree(sha, git.LsTreeOptions{Verbatim: true})
if err != nil {
c.NotFoundOrError(gitutil.NewError(err), "get tree")
return
}
entries, err := tree.Entries()
entries, err := tree.Entries(git.LsTreeOptions{Verbatim: true})
if err != nil {
c.Error(err, "list entries")
return

36
internal/route/install.go
View File

@@ -1,6 +1,7 @@
package route
import (
"net/http"
"net/mail"
"os"
"os/exec"
@@ -194,13 +195,12 @@ func InstallPost(c *context.Context, f form.Install) {
c.HasValue("Err_AdminEmail") {
c.FormErr("Admin")
}
c.Success(INSTALL)
c.HTML(http.StatusBadRequest, INSTALL)
return
}
if _, err := exec.LookPath("git"); err != nil {
c.RenderWithErr(c.Tr("install.test_git_failed", err), INSTALL, &f)
c.RenderWithErr(c.Tr("install.test_git_failed", err), http.StatusInternalServerError, INSTALL, &f)
return
}
@@ -222,7 +222,7 @@ func InstallPost(c *context.Context, f form.Install) {
if conf.Database.Type == "sqlite3" && conf.Database.Path == "" {
c.FormErr("DbPath")
c.RenderWithErr(c.Tr("install.err_empty_db_path"), INSTALL, &f)
c.RenderWithErr(c.Tr("install.err_empty_db_path"), http.StatusBadRequest, INSTALL, &f)
return
}
@@ -230,10 +230,10 @@ func InstallPost(c *context.Context, f form.Install) {
if err := database.NewTestEngine(); err != nil {
if strings.Contains(err.Error(), `Unknown database type: sqlite3`) {
c.FormErr("DbType")
c.RenderWithErr(c.Tr("install.sqlite3_not_available", "https://gogs.io/docs/installation/install_from_binary.html"), INSTALL, &f)
c.RenderWithErr(c.Tr("install.sqlite3_not_available", "https://gogs.io/docs/installation/install_from_binary.html"), http.StatusInternalServerError, INSTALL, &f)
} else {
c.FormErr("DbSetting")
c.RenderWithErr(c.Tr("install.invalid_db_setting", err), INSTALL, &f)
c.RenderWithErr(c.Tr("install.invalid_db_setting", err), http.StatusBadRequest, INSTALL, &f)
}
return
}
@@ -242,7 +242,7 @@ func InstallPost(c *context.Context, f form.Install) {
f.RepoRootPath = strings.ReplaceAll(f.RepoRootPath, "\\", "/")
if err := os.MkdirAll(f.RepoRootPath, os.ModePerm); err != nil {
c.FormErr("RepoRootPath")
c.RenderWithErr(c.Tr("install.invalid_repo_path", err), INSTALL, &f)
c.RenderWithErr(c.Tr("install.invalid_repo_path", err), http.StatusBadRequest, INSTALL, &f)
return
}
@@ -250,21 +250,21 @@ func InstallPost(c *context.Context, f form.Install) {
f.LogRootPath = strings.ReplaceAll(f.LogRootPath, "\\", "/")
if err := os.MkdirAll(f.LogRootPath, os.ModePerm); err != nil {
c.FormErr("LogRootPath")
c.RenderWithErr(c.Tr("install.invalid_log_root_path", err), INSTALL, &f)
c.RenderWithErr(c.Tr("install.invalid_log_root_path", err), http.StatusBadRequest, INSTALL, &f)
return
}
currentUser, match := conf.CheckRunUser(f.RunUser)
if !match {
c.FormErr("RunUser")
c.RenderWithErr(c.Tr("install.run_user_not_match", f.RunUser, currentUser), INSTALL, &f)
c.RenderWithErr(c.Tr("install.run_user_not_match", f.RunUser, currentUser), http.StatusForbidden, INSTALL, &f)
return
}
// Check host address and port
if len(f.SMTPHost) > 0 && !strings.Contains(f.SMTPHost, ":") {
c.FormErr("SMTP", "SMTPHost")
c.RenderWithErr(c.Tr("install.smtp_host_missing_port"), INSTALL, &f)
c.RenderWithErr(c.Tr("install.smtp_host_missing_port"), http.StatusBadRequest, INSTALL, &f)
return
}
@@ -273,7 +273,7 @@ func InstallPost(c *context.Context, f form.Install) {
_, err := mail.ParseAddress(f.SMTPFrom)
if err != nil {
c.FormErr("SMTP", "SMTPFrom")
c.RenderWithErr(c.Tr("install.invalid_smtp_from", err), INSTALL, &f)
c.RenderWithErr(c.Tr("install.invalid_smtp_from", err), http.StatusBadRequest, INSTALL, &f)
return
}
}
@@ -281,19 +281,19 @@ func InstallPost(c *context.Context, f form.Install) {
// Check logic loophole between disable self-registration and no admin account.
if f.DisableRegistration && f.AdminName == "" {
c.FormErr("Services", "Admin")
c.RenderWithErr(c.Tr("install.no_admin_and_disable_registration"), INSTALL, f)
c.RenderWithErr(c.Tr("install.no_admin_and_disable_registration"), http.StatusUnprocessableEntity, INSTALL, f)
return
}
// Check admin password.
if len(f.AdminName) > 0 && f.AdminPasswd == "" {
c.FormErr("Admin", "AdminPasswd")
c.RenderWithErr(c.Tr("install.err_empty_admin_password"), INSTALL, f)
c.RenderWithErr(c.Tr("install.err_empty_admin_password"), http.StatusBadRequest, INSTALL, f)
return
}
if f.AdminPasswd != f.AdminConfirmPasswd {
c.FormErr("Admin", "AdminPasswd")
c.RenderWithErr(c.Tr("form.password_not_match"), INSTALL, f)
c.RenderWithErr(c.Tr("form.password_not_match"), http.StatusBadRequest, INSTALL, f)
return
}
@@ -367,21 +367,21 @@ func InstallPost(c *context.Context, f form.Install) {
cfg.Section("security").Key("INSTALL_LOCK").SetValue("true")
secretKey, err := strutil.RandomChars(15)
if err != nil {
c.RenderWithErr(c.Tr("install.secret_key_failed", err), INSTALL, &f)
c.RenderWithErr(c.Tr("install.secret_key_failed", err), http.StatusInternalServerError, INSTALL, &f)
return
}
cfg.Section("security").Key("SECRET_KEY").SetValue(secretKey)
_ = os.MkdirAll(filepath.Dir(conf.CustomConf), os.ModePerm)
if err := cfg.SaveTo(conf.CustomConf); err != nil {
c.RenderWithErr(c.Tr("install.save_config_failed", err), INSTALL, &f)
c.RenderWithErr(c.Tr("install.save_config_failed", err), http.StatusInternalServerError, INSTALL, &f)
return
}
// NOTE: We reuse the current value because this handler does not have access to CLI flags.
err = GlobalInit(conf.CustomConf)
if err != nil {
c.RenderWithErr(c.Tr("install.init_failed", err), INSTALL, &f)
c.RenderWithErr(c.Tr("install.init_failed", err), http.StatusInternalServerError, INSTALL, &f)
return
}
@@ -401,7 +401,7 @@ func InstallPost(c *context.Context, f form.Install) {
if !database.IsErrUserAlreadyExist(err) {
conf.Security.InstallLock = false
c.FormErr("AdminName", "AdminEmail")
c.RenderWithErr(c.Tr("install.invalid_admin_setting", err), INSTALL, &f)
c.RenderWithErr(c.Tr("install.invalid_admin_setting", err), http.StatusBadRequest, INSTALL, &f)
return
}

8
internal/route/org/org.go
View File

@@ -1,6 +1,8 @@
package org
import (
"net/http"
log "unknwon.dev/clog/v2"
"gogs.io/gogs/internal/context"
@@ -21,7 +23,7 @@ func CreatePost(c *context.Context, f form.CreateOrg) {
c.Title("new_org")
if c.HasError() {
c.Success(CREATE)
c.HTML(http.StatusBadRequest, CREATE)
return
}
@@ -35,9 +37,9 @@ func CreatePost(c *context.Context, f form.CreateOrg) {
c.Data["Err_OrgName"] = true
switch {
case database.IsErrUserAlreadyExist(err):
c.RenderWithErr(c.Tr("form.org_name_been_taken"), CREATE, &f)
c.RenderWithErr(c.Tr("form.org_name_been_taken"), http.StatusUnprocessableEntity, CREATE, &f)
case database.IsErrNameNotAllowed(err):
c.RenderWithErr(c.Tr("org.form.name_not_allowed", err.(database.ErrNameNotAllowed).Value()), CREATE, &f)
c.RenderWithErr(c.Tr("org.form.name_not_allowed", err.(database.ErrNameNotAllowed).Value()), http.StatusBadRequest, CREATE, &f)
default:
c.Error(err, "create organization")
}

14
internal/route/org/setting.go
View File

@@ -1,6 +1,8 @@
package org
import (
"net/http"
log "unknwon.dev/clog/v2"
"gogs.io/gogs/internal/auth"
@@ -27,7 +29,7 @@ func SettingsPost(c *context.Context, f form.UpdateOrgSetting) {
c.Data["PageIsSettingsOptions"] = true
if c.HasError() {
c.Success(tmplOrgSettingsOptions)
c.HTML(http.StatusBadRequest, tmplOrgSettingsOptions)
return
}
@@ -38,18 +40,14 @@ func SettingsPost(c *context.Context, f form.UpdateOrgSetting) {
err := database.Handle.Users().ChangeUsername(c.Req.Context(), c.Org.Organization.ID, f.Name)
if err != nil {
c.Data["OrgName"] = true
var msg string
switch {
case database.IsErrUserAlreadyExist(err):
msg = c.Tr("form.username_been_taken")
c.RenderWithErr(c.Tr("form.username_been_taken"), http.StatusUnprocessableEntity, tmplOrgSettingsOptions, &f)
case database.IsErrNameNotAllowed(err):
msg = c.Tr("user.form.name_not_allowed", err.(database.ErrNameNotAllowed).Value())
c.RenderWithErr(c.Tr("user.form.name_not_allowed", err.(database.ErrNameNotAllowed).Value()), http.StatusBadRequest, tmplOrgSettingsOptions, &f)
default:
c.Error(err, "change organization name")
return
}
c.RenderWithErr(msg, tmplOrgSettingsOptions, &f)
return
}
@@ -104,7 +102,7 @@ func SettingsDelete(c *context.Context) {
if c.Req.Method == "POST" {
if _, err := database.Handle.Users().Authenticate(c.Req.Context(), c.User.Name, c.Query("password"), c.User.LoginSource); err != nil {
if auth.IsErrBadCredentials(err) {
c.RenderWithErr(c.Tr("form.enterred_invalid_password"), tmplOrgSettingsDelete, nil)
c.RenderWithErr(c.Tr("form.enterred_invalid_password"), http.StatusUnauthorized, tmplOrgSettingsDelete, nil)
} else {
c.Error(err, "authenticate user")
}

10
internal/route/org/teams.go
View File

@@ -159,7 +159,7 @@ func NewTeamPost(c *context.Context, f form.CreateTeam) {
c.Data["Team"] = t
if c.HasError() {
c.Success(tmplOrgTeamNew)
c.HTML(http.StatusBadRequest, tmplOrgTeamNew)
return
}
@@ -167,9 +167,9 @@ func NewTeamPost(c *context.Context, f form.CreateTeam) {
c.Data["Err_TeamName"] = true
switch {
case database.IsErrTeamAlreadyExist(err):
c.RenderWithErr(c.Tr("form.team_name_been_taken"), tmplOrgTeamNew, &f)
c.RenderWithErr(c.Tr("form.team_name_been_taken"), http.StatusUnprocessableEntity, tmplOrgTeamNew, &f)
case database.IsErrNameNotAllowed(err):
c.RenderWithErr(c.Tr("org.form.team_name_not_allowed", err.(database.ErrNameNotAllowed).Value()), tmplOrgTeamNew, &f)
c.RenderWithErr(c.Tr("org.form.team_name_not_allowed", err.(database.ErrNameNotAllowed).Value()), http.StatusBadRequest, tmplOrgTeamNew, &f)
default:
c.Error(err, "new team")
}
@@ -214,7 +214,7 @@ func EditTeamPost(c *context.Context, f form.CreateTeam) {
c.Data["Team"] = t
if c.HasError() {
c.Success(tmplOrgTeamNew)
c.HTML(http.StatusBadRequest, tmplOrgTeamNew)
return
}
@@ -245,7 +245,7 @@ func EditTeamPost(c *context.Context, f form.CreateTeam) {
c.Data["Err_TeamName"] = true
switch {
case database.IsErrTeamAlreadyExist(err):
c.RenderWithErr(c.Tr("form.team_name_been_taken"), tmplOrgTeamNew, &f)
c.RenderWithErr(c.Tr("form.team_name_been_taken"), http.StatusUnprocessableEntity, tmplOrgTeamNew, &f)
default:
c.Error(err, "update team")
}

19
internal/route/repo/branch.go
View File

@@ -10,7 +10,7 @@ import (
"gogs.io/gogs/internal/context"
"gogs.io/gogs/internal/database"
"gogs.io/gogs/internal/tool"
"gogs.io/gogs/internal/urlutil"
)
const (
@@ -109,7 +109,7 @@ func DeleteBranchPost(c *context.Context) {
defer func() {
redirectTo := c.Query("redirect_to")
if !tool.IsSameSiteURLPath(redirectTo) {
if !urlutil.IsSameSite(redirectTo) {
redirectTo = c.Repo.RepoLink
}
c.Redirect(redirectTo)
@@ -118,6 +118,21 @@ func DeleteBranchPost(c *context.Context) {
if !c.Repo.GitRepo.HasBranch(branchName) {
return
}
if branchName == c.Repo.Repository.DefaultBranch {
c.Flash.Error(c.Tr("repo.branches.default_deletion_not_allowed"))
return
}
protectBranch, err := database.GetProtectBranchOfRepoByName(c.Repo.Repository.ID, branchName)
if err != nil && !database.IsErrBranchNotExist(err) {
log.Error("Failed to get protected branch %q: %v", branchName, err)
return
}
if protectBranch != nil && protectBranch.Protected {
c.Flash.Error(c.Tr("repo.branches.protected_deletion_not_allowed"))
return
}
if len(commitID) > 0 {
branchCommitID, err := c.Repo.GitRepo.BranchCommitID(branchName)
if err != nil {

36
internal/route/repo/editor.go
View File

@@ -153,20 +153,20 @@ func editFilePost(c *context.Context, f form.EditRepoFile, isNewFile bool) {
c.Data["PreviewableFileModes"] = strings.Join(conf.Repository.Editor.PreviewableFileModes, ",")
if c.HasError() {
c.Success(tmplEditorEdit)
c.HTML(http.StatusBadRequest, tmplEditorEdit)
return
}
if f.TreePath == "" {
c.FormErr("TreePath")
c.RenderWithErr(c.Tr("repo.editor.filename_cannot_be_empty"), tmplEditorEdit, &f)
c.RenderWithErr(c.Tr("repo.editor.filename_cannot_be_empty"), http.StatusBadRequest, tmplEditorEdit, &f)
return
}
if oldBranchName != branchName {
if _, err := c.Repo.Repository.GetBranch(branchName); err == nil {
c.FormErr("NewBranchName")
c.RenderWithErr(c.Tr("repo.editor.branch_already_exists", branchName), tmplEditorEdit, &f)
c.RenderWithErr(c.Tr("repo.editor.branch_already_exists", branchName), http.StatusUnprocessableEntity, tmplEditorEdit, &f)
return
}
}
@@ -187,18 +187,18 @@ func editFilePost(c *context.Context, f form.EditRepoFile, isNewFile bool) {
if index != len(treeNames)-1 {
if !entry.IsTree() {
c.FormErr("TreePath")
c.RenderWithErr(c.Tr("repo.editor.directory_is_a_file", part), tmplEditorEdit, &f)
c.RenderWithErr(c.Tr("repo.editor.directory_is_a_file", part), http.StatusUnprocessableEntity, tmplEditorEdit, &f)
return
}
} else {
// 🚨 SECURITY: Do not allow editing if the target file is a symlink.
if entry.IsSymlink() {
c.FormErr("TreePath")
c.RenderWithErr(c.Tr("repo.editor.file_is_a_symlink", part), tmplEditorEdit, &f)
c.RenderWithErr(c.Tr("repo.editor.file_is_a_symlink", part), http.StatusUnprocessableEntity, tmplEditorEdit, &f)
return
} else if entry.IsTree() {
c.FormErr("TreePath")
c.RenderWithErr(c.Tr("repo.editor.filename_is_a_directory", part), tmplEditorEdit, &f)
c.RenderWithErr(c.Tr("repo.editor.filename_is_a_directory", part), http.StatusUnprocessableEntity, tmplEditorEdit, &f)
return
}
}
@@ -209,7 +209,7 @@ func editFilePost(c *context.Context, f form.EditRepoFile, isNewFile bool) {
if err != nil {
if gitutil.IsErrRevisionNotExist(err) {
c.FormErr("TreePath")
c.RenderWithErr(c.Tr("repo.editor.file_editing_no_longer_exists", oldTreePath), tmplEditorEdit, &f)
c.RenderWithErr(c.Tr("repo.editor.file_editing_no_longer_exists", oldTreePath), http.StatusNotFound, tmplEditorEdit, &f)
} else {
c.Error(err, "get tree entry")
}
@@ -219,7 +219,7 @@ func editFilePost(c *context.Context, f form.EditRepoFile, isNewFile bool) {
// 🚨 SECURITY: Do not allow editing if the old file is a symlink.
if entry.IsSymlink() {
c.FormErr("TreePath")
c.RenderWithErr(c.Tr("repo.editor.file_is_a_symlink", oldTreePath), tmplEditorEdit, &f)
c.RenderWithErr(c.Tr("repo.editor.file_is_a_symlink", oldTreePath), http.StatusUnprocessableEntity, tmplEditorEdit, &f)
return
}
@@ -232,7 +232,7 @@ func editFilePost(c *context.Context, f form.EditRepoFile, isNewFile bool) {
for _, file := range files {
if file == f.TreePath {
c.RenderWithErr(c.Tr("repo.editor.file_changed_while_editing", c.Repo.RepoLink+"/compare/"+lastCommit+"..."+c.Repo.CommitID), tmplEditorEdit, &f)
c.RenderWithErr(c.Tr("repo.editor.file_changed_while_editing", c.Repo.RepoLink+"/compare/"+lastCommit+"..."+c.Repo.CommitID), http.StatusConflict, tmplEditorEdit, &f)
return
}
}
@@ -250,7 +250,7 @@ func editFilePost(c *context.Context, f form.EditRepoFile, isNewFile bool) {
}
if entry != nil {
c.FormErr("TreePath")
c.RenderWithErr(c.Tr("repo.editor.file_already_exists", f.TreePath), tmplEditorEdit, &f)
c.RenderWithErr(c.Tr("repo.editor.file_already_exists", f.TreePath), http.StatusUnprocessableEntity, tmplEditorEdit, &f)
return
}
}
@@ -280,7 +280,7 @@ func editFilePost(c *context.Context, f form.EditRepoFile, isNewFile bool) {
}); err != nil {
log.Error("Failed to update repo file: %v", err)
c.FormErr("TreePath")
c.RenderWithErr(c.Tr("repo.editor.fail_to_update_file", f.TreePath, errInternalServerError), tmplEditorEdit, &f)
c.RenderWithErr(c.Tr("repo.editor.fail_to_update_file", f.TreePath, errInternalServerError), http.StatusInternalServerError, tmplEditorEdit, &f)
return
}
@@ -358,14 +358,14 @@ func DeleteFilePost(c *context.Context, f form.DeleteRepoFile) {
c.Data["new_branch_name"] = branchName
if c.HasError() {
c.Success(tmplEditorDelete)
c.HTML(http.StatusBadRequest, tmplEditorDelete)
return
}
if oldBranchName != branchName {
if _, err := c.Repo.Repository.GetBranch(branchName); err == nil {
c.FormErr("NewBranchName")
c.RenderWithErr(c.Tr("repo.editor.branch_already_exists", branchName), tmplEditorDelete, &f)
c.RenderWithErr(c.Tr("repo.editor.branch_already_exists", branchName), http.StatusUnprocessableEntity, tmplEditorDelete, &f)
return
}
}
@@ -388,7 +388,7 @@ func DeleteFilePost(c *context.Context, f form.DeleteRepoFile) {
Message: message,
}); err != nil {
log.Error("Failed to delete repo file: %v", err)
c.RenderWithErr(c.Tr("repo.editor.fail_to_delete_file", c.Repo.TreePath, errInternalServerError), tmplEditorDelete, &f)
c.RenderWithErr(c.Tr("repo.editor.fail_to_delete_file", c.Repo.TreePath, errInternalServerError), http.StatusInternalServerError, tmplEditorDelete, &f)
return
}
@@ -456,14 +456,14 @@ func UploadFilePost(c *context.Context, f form.UploadRepoFile) {
c.Data["new_branch_name"] = branchName
if c.HasError() {
c.Success(tmplEditorUpload)
c.HTML(http.StatusBadRequest, tmplEditorUpload)
return
}
if oldBranchName != branchName {
if _, err := c.Repo.Repository.GetBranch(branchName); err == nil {
c.FormErr("NewBranchName")
c.RenderWithErr(c.Tr("repo.editor.branch_already_exists", branchName), tmplEditorUpload, &f)
c.RenderWithErr(c.Tr("repo.editor.branch_already_exists", branchName), http.StatusUnprocessableEntity, tmplEditorUpload, &f)
return
}
}
@@ -485,7 +485,7 @@ func UploadFilePost(c *context.Context, f form.UploadRepoFile) {
// User can only upload files to a directory.
if !entry.IsTree() {
c.FormErr("TreePath")
c.RenderWithErr(c.Tr("repo.editor.directory_is_a_file", part), tmplEditorUpload, &f)
c.RenderWithErr(c.Tr("repo.editor.directory_is_a_file", part), http.StatusUnprocessableEntity, tmplEditorUpload, &f)
return
}
}
@@ -510,7 +510,7 @@ func UploadFilePost(c *context.Context, f form.UploadRepoFile) {
}); err != nil {
log.Error("Failed to upload files: %v", err)
c.FormErr("TreePath")
c.RenderWithErr(c.Tr("repo.editor.unable_to_upload_files", f.TreePath, errInternalServerError), tmplEditorUpload, &f)
c.RenderWithErr(c.Tr("repo.editor.unable_to_upload_files", f.TreePath, errInternalServerError), http.StatusInternalServerError, tmplEditorUpload, &f)
return
}

36
internal/route/repo/issue.go
View File

@@ -409,7 +409,7 @@ func NewIssuePost(c *context.Context, f form.NewIssue) {
}
if c.HasError() {
c.Success(tmplRepoIssueNew)
c.HTML(http.StatusBadRequest, tmplRepoIssueNew)
return
}
@@ -926,6 +926,17 @@ func UpdateCommentContent(c *context.Context) {
return
}
issue, err := database.GetIssueByID(comment.IssueID)
if err != nil {
c.NotFoundOrError(err, "get issue by ID")
return
}
if issue.RepoID != c.Repo.Repository.ID {
c.NotFound()
return
}
if c.UserID() != comment.PosterID && !c.Repo.IsAdmin() {
c.NotFound()
return
@@ -959,6 +970,17 @@ func DeleteComment(c *context.Context) {
return
}
issue, err := database.GetIssueByID(comment.IssueID)
if err != nil {
c.NotFoundOrError(err, "get issue by ID")
return
}
if issue.RepoID != c.Repo.Repository.ID {
c.NotFound()
return
}
if c.UserID() != comment.PosterID && !c.Repo.IsAdmin() {
c.NotFound()
return
@@ -1034,9 +1056,9 @@ func NewLabel(c *context.Context, f form.CreateLabel) {
}
func UpdateLabel(c *context.Context, f form.CreateLabel) {
l, err := database.GetLabelByID(f.ID)
l, err := database.GetLabelOfRepoByID(c.Repo.Repository.ID, f.ID)
if err != nil {
c.NotFoundOrError(err, "get label by ID")
c.NotFoundOrError(err, "get label of repository by ID")
return
}
@@ -1126,7 +1148,7 @@ func NewMilestonePost(c *context.Context, f form.CreateMilestone) {
c.Data["DateLang"] = conf.I18n.DateLang(c.Language())
if c.HasError() {
c.Success(tmplRepoIssueMilestoneNew)
c.HTML(http.StatusBadRequest, tmplRepoIssueMilestoneNew)
return
}
@@ -1136,7 +1158,7 @@ func NewMilestonePost(c *context.Context, f form.CreateMilestone) {
deadline, err := time.ParseInLocation("2006-01-02", f.Deadline, time.Local)
if err != nil {
c.Data["Err_Deadline"] = true
c.RenderWithErr(c.Tr("repo.milestones.invalid_due_date_format"), tmplRepoIssueMilestoneNew, &f)
c.RenderWithErr(c.Tr("repo.milestones.invalid_due_date_format"), http.StatusBadRequest, tmplRepoIssueMilestoneNew, &f)
return
}
@@ -1182,7 +1204,7 @@ func EditMilestonePost(c *context.Context, f form.CreateMilestone) {
c.Data["DateLang"] = conf.I18n.DateLang(c.Language())
if c.HasError() {
c.Success(tmplRepoIssueMilestoneNew)
c.HTML(http.StatusBadRequest, tmplRepoIssueMilestoneNew)
return
}
@@ -1192,7 +1214,7 @@ func EditMilestonePost(c *context.Context, f form.CreateMilestone) {
deadline, err := time.ParseInLocation("2006-01-02", f.Deadline, time.Local)
if err != nil {
c.Data["Err_Deadline"] = true
c.RenderWithErr(c.Tr("repo.milestones.invalid_due_date_format"), tmplRepoIssueMilestoneNew, &f)
c.RenderWithErr(c.Tr("repo.milestones.invalid_due_date_format"), http.StatusBadRequest, tmplRepoIssueMilestoneNew, &f)
return
}

66
internal/route/repo/pull.go
View File

@@ -108,7 +108,7 @@ func ForkPost(c *context.Context, f form.CreateRepo) {
c.Data["ContextUser"] = ctxUser
if c.HasError() {
c.Success(tmplRepoPullsFork)
c.HTML(http.StatusBadRequest, tmplRepoPullsFork)
return
}
@@ -129,7 +129,7 @@ func ForkPost(c *context.Context, f form.CreateRepo) {
// Cannot fork to same owner
if ctxUser.ID == baseRepo.OwnerID {
c.RenderWithErr(c.Tr("repo.settings.cannot_fork_to_same_owner"), tmplRepoPullsFork, &f)
c.RenderWithErr(c.Tr("repo.settings.cannot_fork_to_same_owner"), http.StatusUnprocessableEntity, tmplRepoPullsFork, &f)
return
}
@@ -138,11 +138,11 @@ func ForkPost(c *context.Context, f form.CreateRepo) {
c.Data["Err_RepoName"] = true
switch {
case database.IsErrReachLimitOfRepo(err):
c.RenderWithErr(c.Tr("repo.form.reach_limit_of_creation", err.(database.ErrReachLimitOfRepo).Limit), tmplRepoPullsFork, &f)
c.RenderWithErr(c.Tr("repo.form.reach_limit_of_creation", err.(database.ErrReachLimitOfRepo).Limit), http.StatusForbidden, tmplRepoPullsFork, &f)
case database.IsErrRepoAlreadyExist(err):
c.RenderWithErr(c.Tr("repo.settings.new_owner_has_same_repo"), tmplRepoPullsFork, &f)
c.RenderWithErr(c.Tr("repo.settings.new_owner_has_same_repo"), http.StatusUnprocessableEntity, tmplRepoPullsFork, &f)
case database.IsErrNameNotAllowed(err):
c.RenderWithErr(c.Tr("repo.form.name_not_allowed", err.(database.ErrNameNotAllowed).Value()), tmplRepoPullsFork, &f)
c.RenderWithErr(c.Tr("repo.form.name_not_allowed", err.(database.ErrNameNotAllowed).Value()), http.StatusBadRequest, tmplRepoPullsFork, &f)
default:
c.Error(err, "fork repository")
}
@@ -433,23 +433,23 @@ func MergePullRequest(c *context.Context) {
func ParseCompareInfo(c *context.Context) (*database.User, *database.Repository, *git.Repository, *gitutil.PullRequestMeta, string, string) {
baseRepo := c.Repo.Repository
// Get compared branches information
// format: <base branch>...[<head repo>:]<head branch>
// Get compared refs information
// format: <base ref>...[<head repo>:]<head ref>
// base<-head: master...head:feature
// same repo: master...feature
infos := strings.Split(c.Params("*"), "...")
if len(infos) != 2 {
log.Trace("ParseCompareInfo[%d]: not enough compared branches information %s", baseRepo.ID, infos)
log.Trace("ParseCompareInfo[%d]: not enough compared refs information %s", baseRepo.ID, infos)
c.NotFound()
return nil, nil, nil, nil, "", ""
}
baseBranch := infos[0]
c.Data["BaseBranch"] = baseBranch
baseRef := infos[0]
c.Data["BaseBranch"] = baseRef
var (
headUser *database.User
headBranch string
headRef string
isSameRepo bool
err error
)
@@ -459,7 +459,7 @@ func ParseCompareInfo(c *context.Context) (*database.User, *database.Repository,
if len(headInfos) == 1 {
isSameRepo = true
headUser = c.Repo.Owner
headBranch = headInfos[0]
headRef = headInfos[0]
} else if len(headInfos) == 2 {
headUser, err = database.Handle.Users().GetByUsername(c.Req.Context(), headInfos[0])
@@ -467,7 +467,7 @@ func ParseCompareInfo(c *context.Context) (*database.User, *database.Repository,
c.NotFoundOrError(err, "get user by name")
return nil, nil, nil, nil, "", ""
}
headBranch = headInfos[1]
headRef = headInfos[1]
isSameRepo = headUser.ID == baseRepo.OwnerID
} else {
@@ -475,11 +475,11 @@ func ParseCompareInfo(c *context.Context) (*database.User, *database.Repository,
return nil, nil, nil, nil, "", ""
}
c.Data["HeadUser"] = headUser
c.Data["HeadBranch"] = headBranch
c.Data["HeadBranch"] = headRef
c.Repo.PullRequest.SameRepo = isSameRepo
// Check if base branch is valid.
if !c.Repo.GitRepo.HasBranch(baseBranch) {
// Check if base ref is valid.
if _, err := c.Repo.GitRepo.RevParse(baseRef); err != nil {
c.NotFound()
return nil, nil, nil, nil, "", ""
}
@@ -528,8 +528,8 @@ func ParseCompareInfo(c *context.Context) (*database.User, *database.Repository,
return nil, nil, nil, nil, "", ""
}
// Check if head branch is valid.
if !headGitRepo.HasBranch(headBranch) {
// Check if head ref is valid.
if _, err := headGitRepo.RevParse(headRef); err != nil {
c.NotFound()
return nil, nil, nil, nil, "", ""
}
@@ -542,7 +542,7 @@ func ParseCompareInfo(c *context.Context) (*database.User, *database.Repository,
c.Data["HeadBranches"] = headBranches
baseRepoPath := database.RepoPath(baseRepo.Owner.Name, baseRepo.Name)
meta, err := gitutil.Module.PullRequestMeta(headGitRepo.Path(), baseRepoPath, headBranch, baseBranch)
meta, err := gitutil.Module.PullRequestMeta(headGitRepo.Path(), baseRepoPath, headRef, baseRef)
if err != nil {
if gitutil.IsErrNoMergeBase(err) {
c.Data["IsNoMergeBase"] = true
@@ -554,7 +554,7 @@ func ParseCompareInfo(c *context.Context) (*database.User, *database.Repository,
}
c.Data["BeforeCommitID"] = meta.MergeBase
return headUser, headRepo, headGitRepo, meta, baseBranch, headBranch
return headUser, headRepo, headGitRepo, meta, baseRef, headRef
}
func PrepareCompareDiff(
@@ -563,7 +563,7 @@ func PrepareCompareDiff(
headRepo *database.Repository,
headGitRepo *git.Repository,
meta *gitutil.PullRequestMeta,
headBranch string,
headRef string,
) bool {
var (
repo = c.Repo.Repository
@@ -573,9 +573,9 @@ func PrepareCompareDiff(
// Get diff information.
c.Data["CommitRepoLink"] = headRepo.Link()
headCommitID, err := headGitRepo.BranchCommitID(headBranch)
headCommitID, err := headGitRepo.RevParse(headRef)
if err != nil {
c.Error(err, "get head branch commit ID")
c.Error(err, "get head commit ID")
return false
}
c.Data["AfterCommitID"] = headCommitID
@@ -625,12 +625,12 @@ func CompareAndPullRequest(c *context.Context) {
setTemplateIfExists(c, PullRequestTemplateKey, PullRequestTemplateCandidates)
renderAttachmentSettings(c)
headUser, headRepo, headGitRepo, prInfo, baseBranch, headBranch := ParseCompareInfo(c)
headUser, headRepo, headGitRepo, prInfo, baseRef, headRef := ParseCompareInfo(c)
if c.Written() {
return
}
pr, err := database.GetUnmergedPullRequest(headRepo.ID, c.Repo.Repository.ID, headBranch, baseBranch)
pr, err := database.GetUnmergedPullRequest(headRepo.ID, c.Repo.Repository.ID, headRef, baseRef)
if err != nil {
if !database.IsErrPullRequestNotExist(err) {
c.Error(err, "get unmerged pull request")
@@ -643,7 +643,7 @@ func CompareAndPullRequest(c *context.Context) {
return
}
nothingToCompare := PrepareCompareDiff(c, headUser, headRepo, headGitRepo, prInfo, headBranch)
nothingToCompare := PrepareCompareDiff(c, headUser, headRepo, headGitRepo, prInfo, headRef)
if c.Written() {
return
}
@@ -666,7 +666,7 @@ func CompareAndPullRequest(c *context.Context) {
if c.Data[PullRequestTitleTemplateKey] != nil {
customTitle := c.Data[PullRequestTitleTemplateKey].(string)
r := strings.NewReplacer("{{headBranch}}", headBranch, "{{baseBranch}}", baseBranch)
r := strings.NewReplacer("{{headBranch}}", headRef, "{{baseBranch}}", baseRef)
c.Data["title"] = r.Replace(customTitle)
}
@@ -685,7 +685,7 @@ func CompareAndPullRequestPost(c *context.Context, f form.NewIssue) {
attachments []string
)
headUser, headRepo, headGitRepo, meta, baseBranch, headBranch := ParseCompareInfo(c)
headUser, headRepo, headGitRepo, meta, baseRef, headRef := ParseCompareInfo(c)
if c.Written() {
return
}
@@ -704,16 +704,16 @@ func CompareAndPullRequestPost(c *context.Context, f form.NewIssue) {
// This stage is already stop creating new pull request, so it does not matter if it has
// something to compare or not.
PrepareCompareDiff(c, headUser, headRepo, headGitRepo, meta, headBranch)
PrepareCompareDiff(c, headUser, headRepo, headGitRepo, meta, headRef)
if c.Written() {
return
}
c.Success(tmplRepoPullsCompare)
c.HTML(http.StatusBadRequest, tmplRepoPullsCompare)
return
}
patch, err := headGitRepo.DiffBinary(meta.MergeBase, headBranch)
patch, err := headGitRepo.DiffBinary(meta.MergeBase, headRef)
if err != nil {
c.Error(err, "get patch")
return
@@ -734,8 +734,8 @@ func CompareAndPullRequestPost(c *context.Context, f form.NewIssue) {
HeadRepoID: headRepo.ID,
BaseRepoID: repo.ID,
HeadUserName: headUser.Name,
HeadBranch: headBranch,
BaseBranch: baseBranch,
HeadBranch: headRef,
BaseBranch: baseRef,
HeadRepo: headRepo,
BaseRepo: repo,
MergeBase: meta.MergeBase,

11
internal/route/repo/release.go
View File

@@ -1,6 +1,7 @@
package repo
import (
"net/http"
"strings"
"github.com/cockroachdb/errors"
@@ -169,12 +170,12 @@ func NewReleasePost(c *context.Context, f form.NewRelease) {
renderReleaseAttachmentSettings(c)
if c.HasError() {
c.Success(tmplRepoReleaseNew)
c.HTML(http.StatusBadRequest, tmplRepoReleaseNew)
return
}
if !c.Repo.GitRepo.HasBranch(f.Target) {
c.RenderWithErr(c.Tr("form.target_branch_not_exist"), tmplRepoReleaseNew, &f)
c.RenderWithErr(c.Tr("form.target_branch_not_exist"), http.StatusUnprocessableEntity, tmplRepoReleaseNew, &f)
return
}
@@ -222,9 +223,9 @@ func NewReleasePost(c *context.Context, f form.NewRelease) {
c.Data["Err_TagName"] = true
switch {
case database.IsErrReleaseAlreadyExist(err):
c.RenderWithErr(c.Tr("repo.release.tag_name_already_exist"), tmplRepoReleaseNew, &f)
c.RenderWithErr(c.Tr("repo.release.tag_name_already_exist"), http.StatusUnprocessableEntity, tmplRepoReleaseNew, &f)
case database.IsErrInvalidTagName(err):
c.RenderWithErr(c.Tr("repo.release.tag_name_invalid"), tmplRepoReleaseNew, &f)
c.RenderWithErr(c.Tr("repo.release.tag_name_invalid"), http.StatusBadRequest, tmplRepoReleaseNew, &f)
default:
c.Error(err, "new release")
}
@@ -280,7 +281,7 @@ func EditReleasePost(c *context.Context, f form.EditRelease) {
c.Data["IsDraft"] = rel.IsDraft
if c.HasError() {
c.Success(tmplRepoReleaseNew)
c.HTML(http.StatusBadRequest, tmplRepoReleaseNew)
return
}

25
internal/route/repo/repo.go
View File

@@ -17,6 +17,7 @@ import (
"gogs.io/gogs/internal/database"
"gogs.io/gogs/internal/form"
"gogs.io/gogs/internal/tool"
"gogs.io/gogs/internal/urlutil"
)
const (
@@ -85,13 +86,13 @@ func Create(c *context.Context) {
func handleCreateError(c *context.Context, err error, name, tpl string, form any) {
switch {
case database.IsErrReachLimitOfRepo(err):
c.RenderWithErr(c.Tr("repo.form.reach_limit_of_creation", err.(database.ErrReachLimitOfRepo).Limit), tpl, form)
c.RenderWithErr(c.Tr("repo.form.reach_limit_of_creation", err.(database.ErrReachLimitOfRepo).Limit), http.StatusForbidden, tpl, form)
case database.IsErrRepoAlreadyExist(err):
c.Data["Err_RepoName"] = true
c.RenderWithErr(c.Tr("form.repo_name_been_taken"), tpl, form)
c.RenderWithErr(c.Tr("form.repo_name_been_taken"), http.StatusUnprocessableEntity, tpl, form)
case database.IsErrNameNotAllowed(err):
c.Data["Err_RepoName"] = true
c.RenderWithErr(c.Tr("repo.form.name_not_allowed", err.(database.ErrNameNotAllowed).Value()), tpl, form)
c.RenderWithErr(c.Tr("repo.form.name_not_allowed", err.(database.ErrNameNotAllowed).Value()), http.StatusBadRequest, tpl, form)
default:
c.Error(err, name)
}
@@ -111,7 +112,7 @@ func CreatePost(c *context.Context, f form.CreateRepo) {
c.Data["ContextUser"] = ctxUser
if c.HasError() {
c.Success(CREATE)
c.HTML(http.StatusBadRequest, CREATE)
return
}
@@ -165,7 +166,7 @@ func MigratePost(c *context.Context, f form.MigrateRepo) {
c.Data["ContextUser"] = ctxUser
if c.HasError() {
c.Success(MIGRATE)
c.HTML(http.StatusBadRequest, MIGRATE)
return
}
@@ -176,13 +177,13 @@ func MigratePost(c *context.Context, f form.MigrateRepo) {
addrErr := err.(database.ErrInvalidCloneAddr)
switch {
case addrErr.IsURLError:
c.RenderWithErr(c.Tr("repo.migrate.clone_address")+c.Tr("form.url_error"), MIGRATE, &f)
c.RenderWithErr(c.Tr("repo.migrate.clone_address")+c.Tr("form.url_error"), http.StatusBadRequest, MIGRATE, &f)
case addrErr.IsPermissionDenied:
c.RenderWithErr(c.Tr("repo.migrate.permission_denied"), MIGRATE, &f)
c.RenderWithErr(c.Tr("repo.migrate.permission_denied"), http.StatusForbidden, MIGRATE, &f)
case addrErr.IsInvalidPath:
c.RenderWithErr(c.Tr("repo.migrate.invalid_local_path"), MIGRATE, &f)
c.RenderWithErr(c.Tr("repo.migrate.invalid_local_path"), http.StatusBadRequest, MIGRATE, &f)
case addrErr.IsBlockedLocalAddress:
c.RenderWithErr(c.Tr("repo.migrate.clone_address_resolved_to_blocked_local_address"), MIGRATE, &f)
c.RenderWithErr(c.Tr("repo.migrate.clone_address_resolved_to_blocked_local_address"), http.StatusForbidden, MIGRATE, &f)
default:
c.Error(err, "unexpected error")
}
@@ -215,11 +216,11 @@ func MigratePost(c *context.Context, f form.MigrateRepo) {
if strings.Contains(err.Error(), "Authentication failed") ||
strings.Contains(err.Error(), "could not read Username") {
c.Data["Err_Auth"] = true
c.RenderWithErr(c.Tr("form.auth_failed", database.HandleMirrorCredentials(err.Error(), true)), MIGRATE, &f)
c.RenderWithErr(c.Tr("form.auth_failed", database.HandleMirrorCredentials(err.Error(), true)), http.StatusUnauthorized, MIGRATE, &f)
return
} else if strings.Contains(err.Error(), "fatal:") {
c.Data["Err_CloneAddr"] = true
c.RenderWithErr(c.Tr("repo.migrate.failed", database.HandleMirrorCredentials(err.Error(), true)), MIGRATE, &f)
c.RenderWithErr(c.Tr("repo.migrate.failed", database.HandleMirrorCredentials(err.Error(), true)), http.StatusInternalServerError, MIGRATE, &f)
return
}
@@ -260,7 +261,7 @@ func Action(c *context.Context) {
}
redirectTo := c.Query("redirect_to")
if !tool.IsSameSiteURLPath(redirectTo) {
if !urlutil.IsSameSite(redirectTo) {
redirectTo = c.Repo.RepoLink
}
c.Redirect(redirectTo)

27
internal/route/repo/setting.go
View File

@@ -3,6 +3,7 @@ package repo
import (
"fmt"
"io"
"net/http"
"strings"
"time"
@@ -49,7 +50,7 @@ func SettingsPost(c *context.Context, f form.RepoSetting) {
switch c.Query("action") {
case "update":
if c.HasError() {
c.Success(tmplRepoSettingsOptions)
c.HTML(http.StatusBadRequest, tmplRepoSettingsOptions)
return
}
@@ -63,9 +64,9 @@ func SettingsPost(c *context.Context, f form.RepoSetting) {
c.FormErr("RepoName")
switch {
case database.IsErrRepoAlreadyExist(err):
c.RenderWithErr(c.Tr("form.repo_name_been_taken"), tmplRepoSettingsOptions, &f)
c.RenderWithErr(c.Tr("form.repo_name_been_taken"), http.StatusUnprocessableEntity, tmplRepoSettingsOptions, &f)
case database.IsErrNameNotAllowed(err):
c.RenderWithErr(c.Tr("repo.form.name_not_allowed", err.(database.ErrNameNotAllowed).Value()), tmplRepoSettingsOptions, &f)
c.RenderWithErr(c.Tr("repo.form.name_not_allowed", err.(database.ErrNameNotAllowed).Value()), http.StatusBadRequest, tmplRepoSettingsOptions, &f)
default:
c.Error(err, "change repository name")
}
@@ -175,7 +176,7 @@ func SettingsPost(c *context.Context, f form.RepoSetting) {
return
}
if repo.Name != f.RepoName {
c.RenderWithErr(c.Tr("form.enterred_invalid_repo_name"), tmplRepoSettingsOptions, nil)
c.RenderWithErr(c.Tr("form.enterred_invalid_repo_name"), http.StatusBadRequest, tmplRepoSettingsOptions, nil)
return
}
@@ -209,7 +210,7 @@ func SettingsPost(c *context.Context, f form.RepoSetting) {
return
}
if repo.Name != f.RepoName {
c.RenderWithErr(c.Tr("form.enterred_invalid_repo_name"), tmplRepoSettingsOptions, nil)
c.RenderWithErr(c.Tr("form.enterred_invalid_repo_name"), http.StatusBadRequest, tmplRepoSettingsOptions, nil)
return
}
@@ -222,13 +223,13 @@ func SettingsPost(c *context.Context, f form.RepoSetting) {
newOwner := c.Query("new_owner_name")
if !database.Handle.Users().IsUsernameUsed(c.Req.Context(), newOwner, c.Repo.Owner.ID) {
c.RenderWithErr(c.Tr("form.enterred_invalid_owner_name"), tmplRepoSettingsOptions, nil)
c.RenderWithErr(c.Tr("form.enterred_invalid_owner_name"), http.StatusBadRequest, tmplRepoSettingsOptions, nil)
return
}
if err := database.TransferOwnership(c.User, newOwner, repo); err != nil {
if database.IsErrRepoAlreadyExist(err) {
c.RenderWithErr(c.Tr("repo.settings.new_owner_has_same_repo"), tmplRepoSettingsOptions, nil)
c.RenderWithErr(c.Tr("repo.settings.new_owner_has_same_repo"), http.StatusUnprocessableEntity, tmplRepoSettingsOptions, nil)
} else {
c.Error(err, "transfer ownership")
}
@@ -244,7 +245,7 @@ func SettingsPost(c *context.Context, f form.RepoSetting) {
return
}
if repo.Name != f.RepoName {
c.RenderWithErr(c.Tr("form.enterred_invalid_repo_name"), tmplRepoSettingsOptions, nil)
c.RenderWithErr(c.Tr("form.enterred_invalid_repo_name"), http.StatusBadRequest, tmplRepoSettingsOptions, nil)
return
}
@@ -270,7 +271,7 @@ func SettingsPost(c *context.Context, f form.RepoSetting) {
return
}
if repo.Name != f.RepoName {
c.RenderWithErr(c.Tr("form.enterred_invalid_repo_name"), tmplRepoSettingsOptions, nil)
c.RenderWithErr(c.Tr("form.enterred_invalid_repo_name"), http.StatusBadRequest, tmplRepoSettingsOptions, nil)
return
}
@@ -436,7 +437,7 @@ func SettingsBranches(c *context.Context) {
if c.Repo.Repository.IsBare {
c.Flash.Info(c.Tr("repo.settings.branches_bare"), true)
c.Success(tmplRepoSettingsBranches)
c.HTML(http.StatusUnprocessableEntity, tmplRepoSettingsBranches)
return
}
@@ -652,7 +653,7 @@ func SettingsDeployKeysPost(c *context.Context, f form.AddSSHKey) {
c.Data["Deploykeys"] = keys
if c.HasError() {
c.Success(tmplRepoSettingsDeployKeys)
c.HTML(http.StatusBadRequest, tmplRepoSettingsDeployKeys)
return
}
@@ -675,10 +676,10 @@ func SettingsDeployKeysPost(c *context.Context, f form.AddSSHKey) {
switch {
case database.IsErrKeyAlreadyExist(err):
c.Data["Err_Content"] = true
c.RenderWithErr(c.Tr("repo.settings.key_been_used"), tmplRepoSettingsDeployKeys, &f)
c.RenderWithErr(c.Tr("repo.settings.key_been_used"), http.StatusUnprocessableEntity, tmplRepoSettingsDeployKeys, &f)
case database.IsErrKeyNameAlreadyUsed(err):
c.Data["Err_Title"] = true
c.RenderWithErr(c.Tr("repo.settings.key_name_used"), tmplRepoSettingsDeployKeys, &f)
c.RenderWithErr(c.Tr("repo.settings.key_name_used"), http.StatusUnprocessableEntity, tmplRepoSettingsDeployKeys, &f)
default:
c.Error(err, "add deploy key")
}

3
internal/route/repo/view.go
View File

@@ -36,7 +36,7 @@ func renderDirectory(c *context.Context, treeLink string) {
return
}
entries, err := tree.Entries()
entries, err := tree.Entries(git.LsTreeOptions{Verbatim: true})
if err != nil {
c.Error(err, "list entries")
return
@@ -125,6 +125,7 @@ func renderFile(c *context.Context, entry *git.TreeEntry, treeLink, rawLink stri
return
}
c.Data["Title"] = blob.Name() + " - " + c.Data["Title"].(string)
c.Data["FileSize"] = blob.Size()
c.Data["FileName"] = blob.Name()
c.Data["HighlightClass"] = highlight.FileNameToHighlightClass(blob.Name())

24
internal/route/repo/webhook.go
View File

@@ -116,32 +116,32 @@ func WebhooksNew(c *context.Context, orCtx *orgRepoContext) {
c.Success(orCtx.TmplNew)
}
func validateWebhook(l macaron.Locale, w *database.Webhook) (field, msg string, ok bool) {
func validateWebhook(l macaron.Locale, w *database.Webhook) (field, msg string, status int) {
// 🚨 SECURITY: Local addresses must not be allowed by non-admins to prevent SSRF,
// see https://github.com/gogs/gogs/issues/5366 for details.
payloadURL, err := url.Parse(w.URL)
if err != nil {
return "PayloadURL", l.Tr("repo.settings.webhook.err_cannot_parse_payload_url", err), false
return "PayloadURL", l.Tr("repo.settings.webhook.err_cannot_parse_payload_url", err), http.StatusBadRequest
}
if netutil.IsBlockedLocalHostname(payloadURL.Hostname(), conf.Security.LocalNetworkAllowlist) {
return "PayloadURL", l.Tr("repo.settings.webhook.url_resolved_to_blocked_local_address"), false
return "PayloadURL", l.Tr("repo.settings.webhook.url_resolved_to_blocked_local_address"), http.StatusForbidden
}
return "", "", true
return "", "", http.StatusOK
}
func validateAndCreateWebhook(c *context.Context, orCtx *orgRepoContext, w *database.Webhook) {
c.Data["Webhook"] = w
if c.HasError() {
c.Success(orCtx.TmplNew)
c.HTML(http.StatusBadRequest, orCtx.TmplNew)
return
}
field, msg, ok := validateWebhook(c.Locale, w)
if !ok {
field, msg, status := validateWebhook(c.Locale, w)
if status != http.StatusOK {
c.FormErr(field)
c.RenderWithErr(msg, orCtx.TmplNew, nil)
c.RenderWithErr(msg, status, orCtx.TmplNew, nil)
return
}
@@ -338,14 +338,14 @@ func validateAndUpdateWebhook(c *context.Context, orCtx *orgRepoContext, w *data
c.Data["Webhook"] = w
if c.HasError() {
c.Success(orCtx.TmplNew)
c.HTML(http.StatusBadRequest, orCtx.TmplNew)
return
}
field, msg, ok := validateWebhook(c.Locale, w)
if !ok {
field, msg, status := validateWebhook(c.Locale, w)
if status != http.StatusOK {
c.FormErr(field)
c.RenderWithErr(msg, orCtx.TmplNew, nil)
c.RenderWithErr(msg, status, orCtx.TmplNew, nil)
return
}

39
internal/route/repo/webhook_test.go
View File

@@ -1,6 +1,7 @@
package repo
import (
"net/http"
"testing"
"github.com/stretchr/testify/assert"
@@ -9,7 +10,7 @@ import (
"gogs.io/gogs/internal/mocks"
)
func Test_validateWebhook(t *testing.T) {
func TestValidateWebhook(t *testing.T) {
l := &mocks.Locale{
MockLang: "en",
MockTr: func(s string, _ ...any) string {
@@ -18,33 +19,33 @@ func Test_validateWebhook(t *testing.T) {
}
tests := []struct {
name string
actor *database.User
webhook *database.Webhook
expField string
expMsg string
expOK bool
name string
actor *database.User
webhook *database.Webhook
wantField string
wantMsg string
wantStatus int
}{
{
name: "admin bypass local address check",
webhook: &database.Webhook{URL: "https://www.google.com"},
expOK: true,
name: "admin bypass local address check",
webhook: &database.Webhook{URL: "https://www.google.com"},
wantStatus: http.StatusOK,
},
{
name: "local address not allowed",
webhook: &database.Webhook{URL: "http://localhost:3306"},
expField: "PayloadURL",
expMsg: "repo.settings.webhook.url_resolved_to_blocked_local_address",
expOK: false,
name: "local address not allowed",
webhook: &database.Webhook{URL: "http://localhost:3306"},
wantField: "PayloadURL",
wantMsg: "repo.settings.webhook.url_resolved_to_blocked_local_address",
wantStatus: http.StatusForbidden,
},
}
for _, test := range tests {
t.Run(test.name, func(t *testing.T) {
field, msg, ok := validateWebhook(l, test.webhook)
assert.Equal(t, test.expOK, ok)
assert.Equal(t, test.expMsg, msg)
assert.Equal(t, test.expField, field)
field, msg, status := validateWebhook(l, test.webhook)
assert.Equal(t, test.wantStatus, status)
assert.Equal(t, test.wantMsg, msg)
assert.Equal(t, test.wantField, field)
})
}
}

11
internal/route/repo/wiki.go
View File

@@ -1,6 +1,7 @@
package repo
import (
"net/http"
"strings"
"time"
@@ -53,7 +54,7 @@ func renderWikiPage(c *context.Context, isViewPage bool) (*git.Repository, strin
// Get page list.
if isViewPage {
entries, err := commit.Entries()
entries, err := commit.Entries(git.LsTreeOptions{Verbatim: true})
if err != nil {
c.Error(err, "list entries")
return nil, ""
@@ -155,7 +156,7 @@ func WikiPages(c *context.Context) {
return
}
entries, err := commit.Entries()
entries, err := commit.Entries(git.LsTreeOptions{Verbatim: true})
if err != nil {
c.Error(err, "list entries")
return
@@ -199,14 +200,14 @@ func NewWikiPost(c *context.Context, f form.NewWiki) {
c.Data["RequireSimpleMDE"] = true
if c.HasError() {
c.Success(tmplRepoWikiNew)
c.HTML(http.StatusBadRequest, tmplRepoWikiNew)
return
}
if err := c.Repo.Repository.AddWikiPage(c.User, f.Title, f.Content, f.Message); err != nil {
if database.IsErrWikiAlreadyExist(err) {
c.Data["Err_Title"] = true
c.RenderWithErr(c.Tr("repo.wiki.page_already_exists"), tmplRepoWikiNew, &f)
c.RenderWithErr(c.Tr("repo.wiki.page_already_exists"), http.StatusUnprocessableEntity, tmplRepoWikiNew, &f)
} else {
c.Error(err, "add wiki page")
}
@@ -240,7 +241,7 @@ func EditWikiPost(c *context.Context, f form.NewWiki) {
c.Data["RequireSimpleMDE"] = true
if c.HasError() {
c.Success(tmplRepoWikiNew)
c.HTML(http.StatusBadRequest, tmplRepoWikiNew)
return
}

27
internal/route/user/auth.go
View File

@@ -18,6 +18,7 @@ import (
"gogs.io/gogs/internal/email"
"gogs.io/gogs/internal/form"
"gogs.io/gogs/internal/tool"
"gogs.io/gogs/internal/urlutil"
"gogs.io/gogs/internal/userutil"
)
@@ -92,7 +93,7 @@ func Login(c *context.Context) {
}
if isSucceed {
if tool.IsSameSiteURLPath(redirectTo) {
if urlutil.IsSameSite(redirectTo) {
c.Redirect(redirectTo)
} else {
c.RedirectSubpath("/")
@@ -138,7 +139,7 @@ func afterLogin(c *context.Context, u *database.User, remember bool) {
redirectTo, _ := url.QueryUnescape(c.GetCookie("redirect_to"))
c.SetCookie("redirect_to", "", -1, conf.Server.Subpath)
if tool.IsSameSiteURLPath(redirectTo) {
if urlutil.IsSameSite(redirectTo) {
c.Redirect(redirectTo)
return
}
@@ -157,7 +158,7 @@ func LoginPost(c *context.Context, f form.SignIn) {
c.Data["LoginSources"] = loginSources
if c.HasError() {
c.Success(tmplUserAuthLogin)
c.HTML(http.StatusBadRequest, tmplUserAuthLogin)
return
}
@@ -166,10 +167,10 @@ func LoginPost(c *context.Context, f form.SignIn) {
switch {
case auth.IsErrBadCredentials(err):
c.FormErr("UserName", "Password")
c.RenderWithErr(c.Tr("form.username_password_incorrect"), tmplUserAuthLogin, &f)
c.RenderWithErr(c.Tr("form.username_password_incorrect"), http.StatusUnauthorized, tmplUserAuthLogin, &f)
case database.IsErrLoginSourceMismatch(err):
c.FormErr("LoginSource")
c.RenderWithErr(c.Tr("form.auth_source_mismatch"), tmplUserAuthLogin, &f)
c.RenderWithErr(c.Tr("form.auth_source_mismatch"), http.StatusUnprocessableEntity, tmplUserAuthLogin, &f)
default:
c.Error(err, "authenticate user")
@@ -319,19 +320,19 @@ func SignUpPost(c *context.Context, cpt *captcha.Captcha, f form.Register) {
}
if c.HasError() {
c.Success(tmplUserAuthSignup)
c.HTML(http.StatusBadRequest, tmplUserAuthSignup)
return
}
if conf.Auth.EnableRegistrationCaptcha && !cpt.VerifyReq(c.Req) {
c.FormErr("Captcha")
c.RenderWithErr(c.Tr("form.captcha_incorrect"), tmplUserAuthSignup, &f)
c.RenderWithErr(c.Tr("form.captcha_incorrect"), http.StatusUnauthorized, tmplUserAuthSignup, &f)
return
}
if f.Password != f.Retype {
c.FormErr("Password")
c.RenderWithErr(c.Tr("form.password_not_match"), tmplUserAuthSignup, &f)
c.RenderWithErr(c.Tr("form.password_not_match"), http.StatusBadRequest, tmplUserAuthSignup, &f)
return
}
@@ -348,13 +349,13 @@ func SignUpPost(c *context.Context, cpt *captcha.Captcha, f form.Register) {
switch {
case database.IsErrUserAlreadyExist(err):
c.FormErr("UserName")
c.RenderWithErr(c.Tr("form.username_been_taken"), tmplUserAuthSignup, &f)
c.RenderWithErr(c.Tr("form.username_been_taken"), http.StatusUnprocessableEntity, tmplUserAuthSignup, &f)
case database.IsErrEmailAlreadyUsed(err):
c.FormErr("Email")
c.RenderWithErr(c.Tr("form.email_been_used"), tmplUserAuthSignup, &f)
c.RenderWithErr(c.Tr("form.email_been_used"), http.StatusUnprocessableEntity, tmplUserAuthSignup, &f)
case database.IsErrNameNotAllowed(err):
c.FormErr("UserName")
c.RenderWithErr(c.Tr("user.form.name_not_allowed", err.(database.ErrNameNotAllowed).Value()), tmplUserAuthSignup, &f)
c.RenderWithErr(c.Tr("user.form.name_not_allowed", err.(database.ErrNameNotAllowed).Value()), http.StatusBadRequest, tmplUserAuthSignup, &f)
default:
c.Error(err, "create user")
}
@@ -568,7 +569,7 @@ func ForgotPasswdPost(c *context.Context) {
if !u.IsLocal() {
c.FormErr("Email")
c.RenderWithErr(c.Tr("auth.non_local_account"), tmplUserAuthForgotPassword, nil)
c.RenderWithErr(c.Tr("auth.non_local_account"), http.StatusForbidden, tmplUserAuthForgotPassword, nil)
return
}
@@ -617,7 +618,7 @@ func ResetPasswdPost(c *context.Context) {
if len(password) < 6 {
c.Data["IsResetForm"] = true
c.Data["Err_Password"] = true
c.RenderWithErr(c.Tr("auth.password_too_short"), tmplUserAuthResetPassword, nil)
c.RenderWithErr(c.Tr("auth.password_too_short"), http.StatusBadRequest, tmplUserAuthResetPassword, nil)
return
}

4
internal/route/user/profile.go
View File

@@ -9,7 +9,7 @@ import (
"gogs.io/gogs/internal/context"
"gogs.io/gogs/internal/database"
"gogs.io/gogs/internal/route/repo"
"gogs.io/gogs/internal/tool"
"gogs.io/gogs/internal/urlutil"
)
const (
@@ -122,7 +122,7 @@ func Action(c *context.Context, puser *context.ParamsUser) {
}
redirectTo := c.Query("redirect_to")
if !tool.IsSameSiteURLPath(redirectTo) {
if !urlutil.IsSameSite(redirectTo) {
redirectTo = puser.HomeURLPath()
}
c.Redirect(redirectTo)

27
internal/route/user/setting.go
View File

@@ -8,6 +8,7 @@ import (
"html/template"
"image/png"
"io"
"net/http"
"github.com/cockroachdb/errors"
"github.com/pquerna/otp"
@@ -72,7 +73,7 @@ func SettingsPost(c *context.Context, f form.UpdateProfile) {
c.Data["origin_name"] = c.User.Name
if c.HasError() {
c.Success(tmplUserSettingsProfile)
c.HTML(http.StatusBadRequest, tmplUserSettingsProfile)
return
}
@@ -83,18 +84,14 @@ func SettingsPost(c *context.Context, f form.UpdateProfile) {
err := database.Handle.Users().ChangeUsername(c.Req.Context(), c.User.ID, f.Name)
if err != nil {
c.FormErr("Name")
var msg string
switch {
case database.IsErrUserAlreadyExist(errors.Cause(err)):
msg = c.Tr("form.username_been_taken")
c.RenderWithErr(c.Tr("form.username_been_taken"), http.StatusUnprocessableEntity, tmplUserSettingsProfile, &f)
case database.IsErrNameNotAllowed(errors.Cause(err)):
msg = c.Tr("user.form.name_not_allowed", err.(database.ErrNameNotAllowed).Value())
c.RenderWithErr(c.Tr("user.form.name_not_allowed", err.(database.ErrNameNotAllowed).Value()), http.StatusBadRequest, tmplUserSettingsProfile, &f)
default:
c.Error(err, "change user name")
return
}
c.RenderWithErr(msg, tmplUserSettingsProfile, &f)
return
}
@@ -203,7 +200,7 @@ func SettingsPasswordPost(c *context.Context, f form.ChangePassword) {
c.PageIs("SettingsPassword")
if c.HasError() {
c.Success(tmplUserSettingsPassword)
c.HTML(http.StatusBadRequest, tmplUserSettingsPassword)
return
}
@@ -267,14 +264,14 @@ func SettingsEmailPost(c *context.Context, f form.AddEmail) {
c.Data["Emails"] = emails
if c.HasError() {
c.Success(tmplUserSettingsEmail)
c.HTML(http.StatusBadRequest, tmplUserSettingsEmail)
return
}
err = database.Handle.Users().AddEmail(c.Req.Context(), c.User.ID, f.Email, !conf.Auth.RequireEmailConfirmation)
if err != nil {
if database.IsErrEmailAlreadyUsed(err) {
c.RenderWithErr(c.Tr("form.email_been_used"), tmplUserSettingsEmail, &f)
c.RenderWithErr(c.Tr("form.email_been_used"), http.StatusUnprocessableEntity, tmplUserSettingsEmail, &f)
} else {
c.Errorf(err, "add email address")
}
@@ -344,7 +341,7 @@ func SettingsSSHKeysPost(c *context.Context, f form.AddSSHKey) {
c.Data["Keys"] = keys
if c.HasError() {
c.Success(tmplUserSettingsSSHKeys)
c.HTML(http.StatusBadRequest, tmplUserSettingsSSHKeys)
return
}
@@ -364,10 +361,10 @@ func SettingsSSHKeysPost(c *context.Context, f form.AddSSHKey) {
switch {
case database.IsErrKeyAlreadyExist(err):
c.FormErr("Content")
c.RenderWithErr(c.Tr("settings.ssh_key_been_used"), tmplUserSettingsSSHKeys, &f)
c.RenderWithErr(c.Tr("settings.ssh_key_been_used"), http.StatusUnprocessableEntity, tmplUserSettingsSSHKeys, &f)
case database.IsErrKeyNameAlreadyUsed(err):
c.FormErr("Title")
c.RenderWithErr(c.Tr("settings.ssh_key_name_used"), tmplUserSettingsSSHKeys, &f)
c.RenderWithErr(c.Tr("settings.ssh_key_name_used"), http.StatusUnprocessableEntity, tmplUserSettingsSSHKeys, &f)
default:
c.Errorf(err, "add public key")
}
@@ -619,7 +616,7 @@ func (h *SettingsHandler) ApplicationsPost() macaron.Handler {
}
c.Data["Tokens"] = tokens
c.Success(tmplUserSettingsApplications)
c.HTML(http.StatusBadRequest, tmplUserSettingsApplications)
return
}
@@ -661,7 +658,7 @@ func SettingsDelete(c *context.Context) {
if c.Req.Method == "POST" {
if _, err := database.Handle.Users().Authenticate(c.Req.Context(), c.User.Name, c.Query("password"), c.User.LoginSource); err != nil {
if auth.IsErrBadCredentials(err) {
c.RenderWithErr(c.Tr("form.enterred_invalid_password"), tmplUserSettingsDelete, nil)
c.RenderWithErr(c.Tr("form.enterred_invalid_password"), http.StatusUnauthorized, tmplUserSettingsDelete, nil)
} else {
c.Errorf(err, "authenticate user")
}

2
internal/ssh/ssh.go
View File

@@ -87,6 +87,7 @@ func handleServerConn(keyID string, chans <-chan ssh.NewChannel) {
_ = req.Reply(true, nil)
go func() {
_, _ = io.Copy(input, ch)
input.Close()
}()
_, _ = io.Copy(ch, stdout)
_, _ = io.Copy(ch.Stderr(), stderr)
@@ -187,7 +188,6 @@ func setupHostKeys(appDataPath string, algorithms []string) ([]ssh.Signer, error
conf.SSH.KeygenPath,
"-t", algo,
"-f", keyPath,
"-m", "PEM",
"-N", run.Arg(""),
}
err = run.Cmd(context.Background(), args...).Run().Wait()

2
internal/sync/exclusive_pool.go
View File

@@ -35,7 +35,7 @@ func NewExclusivePool() *ExclusivePool {
}
// CheckIn checks in an instance to the pool and hangs while instance
// with same indentity is using the lock.
// with same identity is using the lock.
func (p *ExclusivePool) CheckIn(identity string) {
p.lock.Lock()

2
internal/sync/unique_queue.go
View File

@@ -32,7 +32,7 @@ func (q *UniqueQueue) Queue() <-chan string {
return q.queue
}
// Exist returns true if there is an instance with given indentity
// Exist returns true if there is an instance with given identity
// exists in the queue.
func (q *UniqueQueue) Exist(id any) bool {
return q.table.IsRunning(com.ToStr(id))

2
internal/testutil/testutil.go
View File

@@ -5,5 +5,5 @@ import (
"strings"
)
// InTest is ture if the current binary looks like a test artifact.
// InTest is true if the current binary looks like a test artifact.
var InTest = len(os.Args) > 0 && strings.HasSuffix(strings.TrimSuffix(os.Args[0], ".exe"), ".test")

19
internal/tool/path.go
View File

@@ -1,19 +0,0 @@
package tool
import (
"path/filepath"
"strings"
)
// IsSameSiteURLPath returns true if the URL path belongs to the same site, false otherwise.
// False: //url, http://url, /\url
// True: /url
func IsSameSiteURLPath(url string) bool {
return len(url) >= 2 && url[0] == '/' && url[1] != '/' && url[1] != '\\'
}
// IsMaliciousPath returns true if given path is an absolute path or contains malicious content
// which has potential to traverse upper level directories.
func IsMaliciousPath(path string) bool {
return filepath.IsAbs(path) || strings.Contains(path, "..")
}

Some files were not shown because too many files have changed in this diff Show More