go mod tidy

# Conflicts:
#	.github/workflows/go.yml
#	internal/assets/templates/templates_gen.go

.github/workflows/go.yml

@@ -30,12 +30,30 @@ jobs:
         with:
           version: latest
           args: --timeout=30m
+      - name: Install Task
+        uses: arduino/setup-task@v1
+      - name: Install go-bindata
+        shell: bash
+        run: |
+          curl --silent --location --output /usr/local/bin/go-bindata https://github.com/kevinburke/go-bindata/releases/download/v3.23.0/go-bindata-linux-amd64
+          chmod +x /usr/local/bin/go-bindata
+      - name: Check Go module tidiness
+        shell: bash
+        run: |
+          go mod tidy
+          STATUS=$(git status --porcelain)
+          if [ ! -z "$STATUS" ]; then
+            echo "Unstaged files:"
+            echo $STATUS
+            echo "Run 'go mod tidy' and commit them"
+            exit 1
+          fi
 
   test:
     name: Test
     strategy:
       matrix:
-        go-version: [ 1.14.x, 1.15.x, 1.16.x, 1.17.x ]
+        go-version: [ 1.14.x, 1.15.x, 1.16.x, 1.17.x, 1.18.x ]
         platform: [ ubuntu-latest, macos-latest, windows-latest ]
     runs-on: ${{ matrix.platform }}
     steps:

conf/app.ini

@@ -169,6 +169,8 @@ COOKIE_SECURE = false
 ENABLE_LOGIN_STATUS_COOKIE = false
 ; The cookie name to store user login status.
 LOGIN_STATUS_COOKIE_NAME = login_status
+; A comma separated list of hostnames that are explicitly allowed to be accessed within the local network.
+LOCAL_NETWORK_ALLOWLIST =
 
 [email]
 ; Whether to enable the email service.

conf/locale/locale_en-US.ini

@@ -1242,6 +1242,7 @@ config.security.cookie_secure = Enable secure cookie
 config.security.reverse_proxy_auth_user = Reverse proxy authentication header
 config.security.enable_login_status_cookie = Enable login status cookie
 config.security.login_status_cookie_name = Login status cookie
+config.security.local_network_allowlist = Local network allowlist
 
 config.email_config = Email configuration
 config.email.enabled = Enabled

docker/start.sh

@@ -31,8 +31,12 @@ cleanup() {
 }
 
 create_volume_subfolder() {
-    # Modify the owner of /data dir, make $USER(git) user have permission to create sub-dir in /data.
-    chown -R "$USER:$USER" /data
+    # only change ownership if needed, if using an nfs mount this could be expensive
+    if [ "$USER:$USER" != "$(stat /data -c '%U:%G')" ]
+    then
+        # Modify the owner of /data dir, make $USER(git) user have permission to create sub-dir in /data.
+        chown -R "$USER:$USER" /data
+    fi
 
     # Create VOLUME subfolder
     for f in /data/gogs/data /data/gogs/conf /data/gogs/log /data/git /data/ssh; do

docs/dev/local_development.md

@@ -153,6 +153,8 @@ You would have to re-run this command after changing Go files, or any file under
 When you are actively working on HTML templates and static files during development, you may want to enable the following configuration to avoid recompiling and restarting Gogs every time you make a change to files under `template/` and `public/` directories:
 
 ```ini
+RUN_MODE = dev
+
 [server]
 LOAD_ASSETS_FROM_DISK = true
 ```

go.mod

@@ -28,7 +28,7 @@ require (
 	github.com/issue9/identicon v1.0.1
 	github.com/jaytaylor/html2text v0.0.0-20190408195923-01ec452cbe43
 	github.com/jinzhu/gorm v1.9.12
-	github.com/json-iterator/go v1.1.10
+	github.com/json-iterator/go v1.1.12
 	github.com/klauspost/compress v1.8.6 // indirect
 	github.com/klauspost/cpuid v1.2.1 // indirect
 	github.com/lib/pq v1.3.0 // indirect

go.sum

@@ -151,8 +151,8 @@ github.com/jinzhu/now v1.0.1 h1:HjfetcXq097iXP0uoPCdnM4Efp5/9MsM0/M+XOTeR3M=
 github.com/jinzhu/now v1.0.1/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/json-iterator/go v1.1.10 h1:Kz6Cvnvv2wGdaG/V8yMvfkmNiXq9Ya2KUv4rouJJr68=
-github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
+github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
+github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
 github.com/jtolds/gls v4.2.1+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
 github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo=
@@ -202,8 +202,9 @@ github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJ
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
-github.com/modern-go/reflect2 v1.0.1 h1:9f412s+6RmYXLWZSEzVVgPGK7C2PphHj5RJrvfx9AWI=
 github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
+github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
+github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/msteinert/pam v0.0.0-20190215180659-f29b9f28d6f9 h1:ZivaaKmjs9q90zi6I4gTLW6tbVGtlBjellr3hMYaly0=
 github.com/msteinert/pam v0.0.0-20190215180659-f29b9f28d6f9/go.mod h1:np1wUFZ6tyoke22qDJZY40URn9Ae51gX7ljIWXN5TJs=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=

gogs.go

@@ -19,7 +19,7 @@ import (
 )
 
 func init() {
-	conf.App.Version = "0.12.5"
+	conf.App.Version = "0.12.6"
 }
 
 func main() {

internal/conf/static.go

@@ -103,6 +103,7 @@ var (
 		CookieSecure            bool
 		EnableLoginStatusCookie bool
 		LoginStatusCookieName   string
+		LocalNetworkAllowlist   []string `delim:","`
 
 		// Deprecated: Use Auth.ReverseProxyAuthenticationHeader instead, will be removed in 0.13.
 		ReverseProxyAuthenticationUser string

internal/conf/testdata/TestInit.golden.ini

@@ -80,6 +80,7 @@ COOKIE_USERNAME=gogs_awesome
 COOKIE_SECURE=false
 ENABLE_LOGIN_STATUS_COOKIE=false
 LOGIN_STATUS_COOKIE_NAME=login_status
+LOCAL_NETWORK_ALLOWLIST=
 REVERSE_PROXY_AUTHENTICATION_USER=
 
 [email]

internal/db/repo_editor.go

@@ -16,6 +16,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/pkg/errors"
 	gouuid "github.com/satori/go.uuid"
 	"github.com/unknwon/com"
 
@@ -23,9 +24,10 @@ import (
 
 	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/cryptoutil"
-	"gogs.io/gogs/internal/db/errors"
+	dberrors "gogs.io/gogs/internal/db/errors"
 	"gogs.io/gogs/internal/gitutil"
 	"gogs.io/gogs/internal/osutil"
+	"gogs.io/gogs/internal/pathutil"
 	"gogs.io/gogs/internal/process"
 	"gogs.io/gogs/internal/tool"
 )
@@ -134,7 +136,7 @@ func (repo *Repository) UpdateRepoFile(doer *User, opts UpdateRepoFileOptions) (
 	if opts.OldBranch != opts.NewBranch {
 		// Directly return error if new branch already exists in the server
 		if git.RepoHasBranch(repoPath, opts.NewBranch) {
-			return errors.BranchAlreadyExists{Name: opts.NewBranch}
+			return dberrors.BranchAlreadyExists{Name: opts.NewBranch}
 		}
 
 		// Otherwise, delete branch from local copy in case out of sync
@@ -449,11 +451,16 @@ func isRepositoryGitPath(path string) bool {
 	return strings.HasSuffix(path, ".git") || strings.Contains(path, ".git"+string(os.PathSeparator))
 }
 
-func (repo *Repository) UploadRepoFiles(doer *User, opts UploadRepoFileOptions) (err error) {
+func (repo *Repository) UploadRepoFiles(doer *User, opts UploadRepoFileOptions) error {
 	if len(opts.Files) == 0 {
 		return nil
 	}
 
+	// Prevent uploading files into the ".git" directory
+	if isRepositoryGitPath(opts.TreePath) {
+		return errors.Errorf("bad tree path %q", opts.TreePath)
+	}
+
 	uploads, err := GetUploadsByUUIDs(opts.Files)
 	if err != nil {
 		return fmt.Errorf("get uploads by UUIDs[%v]: %v", opts.Files, err)
@@ -487,7 +494,9 @@ func (repo *Repository) UploadRepoFiles(doer *User, opts UploadRepoFileOptions)
 			continue
 		}
 
-		// Prevent copying files into .git directory, see https://gogs.io/gogs/issues/5558.
+		upload.Name = pathutil.Clean(upload.Name)
+
+		// Prevent uploading files into the ".git" directory
 		if isRepositoryGitPath(upload.Name) {
 			continue
 		}

internal/form/repo.go

@@ -12,6 +12,7 @@ import (
 	"github.com/unknwon/com"
 	"gopkg.in/macaron.v1"
 
+	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/db"
 	"gogs.io/gogs/internal/netutil"
 )
@@ -69,7 +70,7 @@ func (f MigrateRepo) ParseRemoteAddr(user *db.User) (string, error) {
 			return "", db.ErrInvalidCloneAddr{IsURLError: true}
 		}
 
-		if netutil.IsLocalHostname(u.Hostname()) {
+		if netutil.IsLocalHostname(u.Hostname(), conf.Security.LocalNetworkAllowlist) {
 			return "", db.ErrInvalidCloneAddr{IsURLError: true}
 		}
 

internal/netutil/netutil.go

@@ -47,8 +47,15 @@ func init() {
 	}
 }
 
-// IsLocalHostname returns true if given hostname is a known local address.
-func IsLocalHostname(hostname string) bool {
+// IsLocalHostname returns true if given hostname is resolved to local network
+// address, except exempted from the allowlist.
+func IsLocalHostname(hostname string, allowlist []string) bool {
+	for _, allow := range allowlist {
+		if hostname == allow {
+			return false
+		}
+	}
+
 	ips, err := net.LookupIP(hostname)
 	if err != nil {
 		return true

internal/netutil/netutil_test.go

@@ -12,8 +12,9 @@ import (
 
 func TestIsLocalHostname(t *testing.T) {
 	tests := []struct {
-		hostname string
-		want     bool
+		hostname  string
+		allowlist []string
+		want      bool
 	}{
 		{hostname: "localhost", want: true},
 		{hostname: "127.0.0.1", want: true},
@@ -27,10 +28,13 @@ func TestIsLocalHostname(t *testing.T) {
 		{hostname: "gogs.io", want: false},
 		{hostname: "google.com", want: false},
 		{hostname: "165.232.140.255", want: false},
+
+		{hostname: "192.168.123.45", allowlist: []string{"10.0.0.17"}, want: true},
+		{hostname: "gogs.local", allowlist: []string{"gogs.local"}, want: false},
 	}
 	for _, test := range tests {
 		t.Run("", func(t *testing.T) {
-			assert.Equal(t, test.want, IsLocalHostname(test.hostname))
+			assert.Equal(t, test.want, IsLocalHostname(test.hostname, test.allowlist))
 		})
 	}
 }

internal/route/repo/webhook.go

@@ -128,7 +128,7 @@ func validateWebhook(actor *db.User, l macaron.Locale, w *db.Webhook) (field, ms
 			return "PayloadURL", l.Tr("repo.settings.webhook.err_cannot_parse_payload_url", err), false
 		}
 
-		if netutil.IsLocalHostname(payloadURL.Hostname()) {
+		if netutil.IsLocalHostname(payloadURL.Hostname(), conf.Security.LocalNetworkAllowlist) {
 			return "PayloadURL", l.Tr("repo.settings.webhook.err_cannot_use_local_addresses"), false
 		}
 	}

templates/admin/config.tmpl

@@ -206,6 +206,8 @@
 						<dd><i class="fa fa{{if .Security.EnableLoginStatusCookie}}-check{{end}}-square-o"></i></dd>
 						<dt>{{.i18n.Tr "admin.config.security.login_status_cookie_name"}}</dt>
 						<dd>{{.Security.LoginStatusCookieName}}</dd>
+						<dt>{{.i18n.Tr "admin.config.security.local_network_allowlist"}}</dt>
+						<dd><code>{{.Security.LocalNetworkAllowlist}}</code></dd>
 					</dl>
 				</div>
 

templates/org/member/members.tmpl

@@ -14,7 +14,7 @@
 			{{range .Members}}
 				<div class="item ui grid">
 					<div class="ui one wide column">
-						<img class="ui avatar" src="{{.RelAvatarLink}}?s=48">
+						<img class="ui avatar" src="{{AppendAvatarSize .RelAvatarLink 48}}">
 					</div>
 					<div class="ui three wide column">
 						<div class="meta"><a href="{{.HomeLink}}">{{.Name}}</a></div>