From 814b44aeafda0c31b2600895e66d7ea3d5876ca5 Mon Sep 17 00:00:00 2001
From: Jason Song
Date: Mon, 26 Dec 2022 16:50:58 +0800
Subject: [PATCH 1/4] Fix typo of Asia/Shanghai (#22242) As the title.
---
 docs/content/doc/advanced/config-cheat-sheet.en-us.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/content/doc/advanced/config-cheat-sheet.en-us.md b/docs/content/doc/advanced/config-cheat-sheet.en-us.md
index 0268938187..c2d5ae2667 100644
--- a/docs/content/doc/advanced/config-cheat-sheet.en-us.md
+++ b/docs/content/doc/advanced/config-cheat-sheet.en-us.md
@@ -1145,7 +1145,7 @@ in this mapping or the filetype using heuristics.
 ## Time (`time`)
 - `FORMAT`: Time format to display on UI. i.e. RFC1123 or 2006-01-02 15:04:05
-- `DEFAULT_UI_LOCATION`: Default location of time on the UI, so that we can display correct user's time on UI. i.e. Shanghai/Asia
+- `DEFAULT_UI_LOCATION`: Default location of time on the UI, so that we can display correct user's time on UI. i.e. Asia/Shanghai
 ## Task (`task`)
From 83640c449eb6a1b31bc09b1372cc156d114804f8 Mon Sep 17 00:00:00 2001
From: zeripath
Date: Tue, 27 Dec 2022 00:34:05 +0000
Subject: [PATCH 2/4] Remove ReverseProxy authentication from the API (#22219) Since we changed the /api/v1/ routes to disallow session authentication we also removed their reliance on CSRF. However, we left the ReverseProxy authentication here - but this means that POSTs to the API are no longer protected by CSRF. Now, ReverseProxy authentication is a kind of session authentication, and is therefore inconsistent with the removal of session from the API. This PR proposes that we simply remove the ReverseProxy authentication from the API and therefore users of the API must explicitly use tokens or basic authentication. Replace #22077 Close #22221 Close #22077
Signed-off-by: Andrew Thornton
---
 routers/api/v1/api.go | 12 +++---------
 1 file changed, 3 insertions(+), 9 deletions(-)
diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index 82ff7ae0be..c12ceacdd3 100644
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -230,13 +230,10 @@ func reqExploreSignIn() func(ctx *context.APIContext) {
 }
 }
-func reqBasicOrRevProxyAuth() func(ctx *context.APIContext) {
+func reqBasicAuth() func(ctx *context.APIContext) {
 return func(ctx *context.APIContext) {
- if ctx.IsSigned && setting.Service.EnableReverseProxyAuth && ctx.Data["AuthedMethod"].(string) == auth.ReverseProxyMethodName {
- return
- }
 if !ctx.Context.IsBasicAuth {
- ctx.Error(http.StatusUnauthorized, "reqBasicOrRevProxyAuth", "auth required")
+ ctx.Error(http.StatusUnauthorized, "reqBasicAuth", "auth required")
 return
 }
 ctx.CheckForOTP()
@@ -598,9 +595,6 @@ func buildAuthGroup() *auth.Group {
 &auth.HTTPSign{},
 &auth.Basic{}, // FIXME: this should be removed once we don't allow basic auth in API
 )
- if setting.Service.EnableReverseProxyAuth {
- group.Add(&auth.ReverseProxy{})
- }
 specialAdd(group)
 return group
@@ -690,7 +684,7 @@ func Routes(ctx gocontext.Context) *web.Route {
 m.Combo("").Get(user.ListAccessTokens).
 Post(bind(api.CreateAccessTokenOption{}), user.CreateAccessToken)
 m.Combo("/{id}").Delete(user.DeleteAccessToken)
- }, reqBasicOrRevProxyAuth())
+ }, reqBasicAuth())
 }, context_service.UserAssignmentAPI())
 })
From b48cf03717e99ff33d1e845c97e6f8c469cd2e6d Mon Sep 17 00:00:00 2001
From: Gusted
Date: Tue, 27 Dec 2022 02:15:35 +0100
Subject: [PATCH 3/4] Remove deadcode (#22245) - Remove code that isn't being used. Found this is my stash from a few weeks ago, not sure how I found this in the first place.
Co-authored-by: Lunny Xiao
---
 modules/git/repo_attribute.go | 98 ------------------------
 modules/git/repo_attribute_test.go | 61 ---------------
 modules/markup/markdown/markdown.go | 6 --
 modules/markup/markdown/markdown_test.go | 22 ------
 4 files changed, 187 deletions(-)
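Review bot: `reqBasicAuth` (first hunk) is now the only guard on the access-token routes in `Routes` (third hunk), yet it has no doc comment and the patch touches only api.go, so nothing records or tests the behaviour this fix depends on. I would add `// reqBasicAuth rejects with 401 any request not authenticated by HTTP basic auth, then runs the OTP check.` above it. A regression test that a request identified only by the reverse-proxy header is refused on these routes while `setting.Service.EnableReverseProxyAuth` is on would stop the method from being re-added to `buildAuthGroup` unnoticed. Operators who relied on that setting for API calls will presumably start seeing 401s, which deserves a line in the upgrade notes. The function body closes outside the hunk.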
diff --git a/modules/git/repo_attribute.go b/modules/git/repo_attribute.go
index d3a3dc8c83..404d9e502c 100644
--- a/modules/git/repo_attribute.go
+++ b/modules/git/repo_attribute.go
@@ -9,8 +9,6 @@ import (
 "fmt"
 "io"
 "os"
- "strconv"
- "strings"
 "code.gitea.io/gitea/modules/log"
 )
@@ -288,102 +286,6 @@ func (wr *nulSeparatedAttributeWriter) Close() error {
 return nil
 }
-type lineSeparatedAttributeWriter struct {
- tmp []byte
- attributes chan attributeTriple
- closed chan struct{}
-}
-
-func (wr *lineSeparatedAttributeWriter) Write(p []byte) (n int, err error) {
- l := len(p)
-
- nlIdx := bytes.IndexByte(p, '\n')
- for nlIdx >= 0 {
- wr.tmp = append(wr.tmp, p[:nlIdx]...)
-
- if len(wr.tmp) == 0 {
- // This should not happen
- if len(p) > nlIdx+1 {
- wr.tmp = wr.tmp[:0]
- p = p[nlIdx+1:]
- nlIdx = bytes.IndexByte(p, '\n')
- continue
- } else {
- return l, nil
- }
- }
-
- working := attributeTriple{}
- if wr.tmp[0] == '"' {
- sb := new(strings.Builder)
- remaining := string(wr.tmp[1:])
- for len(remaining) > 0 {
- rn, _, tail, err := strconv.UnquoteChar(remaining, '"')
- if err != nil {
- if len(remaining) > 2 && remaining[0] == '"' && remaining[1] == ':' && remaining[2] == ' ' {
- working.Filename = sb.String()
- wr.tmp = []byte(remaining[3:])
- break
- }
- return l, fmt.Errorf("unexpected tail %s", remaining)
- }
- _, _ = sb.WriteRune(rn)
- remaining = tail
- }
- } else {
- idx := bytes.IndexByte(wr.tmp, ':')
- if idx < 0 {
- return l, fmt.Errorf("unexpected input %s", string(wr.tmp))
- }
- working.Filename = string(wr.tmp[:idx])
- if len(wr.tmp) < idx+2 {
- return l, fmt.Errorf("unexpected input %s", string(wr.tmp))
- }
- wr.tmp = wr.tmp[idx+2:]
- }
-
- idx := bytes.IndexByte(wr.tmp, ':')
- if idx < 0 {
- return l, fmt.Errorf("unexpected input %s", string(wr.tmp))
- }
-
- working.Attribute = string(wr.tmp[:idx])
- if len(wr.tmp) < idx+2 {
- return l, fmt.Errorf("unexpected input %s", string(wr.tmp))
- }
-
- working.Value = string(wr.tmp[idx+2:])
-
- wr.attributes <- working
- wr.tmp = wr.tmp[:0]
- if len(p) > nlIdx+1 {
- p = p[nlIdx+1:]
- nlIdx = bytes.IndexByte(p, '\n')
- continue
- } else {
- return l, nil
- }
- }
-
- wr.tmp = append(wr.tmp, p...)
- return l, nil
-}
-
-func (wr *lineSeparatedAttributeWriter) ReadAttribute() <-chan attributeTriple {
- return wr.attributes
-}
-
-func (wr *lineSeparatedAttributeWriter) Close() error {
- select {
- case <-wr.closed:
- return nil
- default:
- }
- close(wr.attributes)
- close(wr.closed)
- return nil
-}
-
 // Create a check attribute reader for the current repository and provided commit ID
 func (repo *Repository) CheckAttributeReader(commitID string) (*CheckAttributeReader, context.CancelFunc) {
 indexFilename, worktree, deleteTemporaryFile, err := repo.ReadTreeToTemporaryIndex(commitID)
diff --git a/modules/git/repo_attribute_test.go b/modules/git/repo_attribute_test.go
index 6882874d2d..f88ae95407 100644
--- a/modules/git/repo_attribute_test.go
+++ b/modules/git/repo_attribute_test.go
@@ -95,64 +95,3 @@ func Test_nulSeparatedAttributeWriter_ReadAttribute(t *testing.T) {
 Value: "unspecified",
 }, attr)
 }
-
-func Test_lineSeparatedAttributeWriter_ReadAttribute(t *testing.T) {
- wr := &lineSeparatedAttributeWriter{
- attributes: make(chan attributeTriple, 5),
- }
-
- testStr := `".gitignore\"\n": linguist-vendored: unspecified
-`
- n, err := wr.Write([]byte(testStr))
-
- assert.Equal(t, n, len(testStr))
- assert.NoError(t, err)
-
- select {
- case attr := <-wr.ReadAttribute():
- assert.Equal(t, ".gitignore\"\n", attr.Filename)
- assert.Equal(t, "linguist-vendored", attr.Attribute)
- assert.Equal(t, "unspecified", attr.Value)
- case <-time.After(100 * time.Millisecond):
- assert.Fail(t, "took too long to read an attribute from the list")
- }
-
- // Write a second attribute again
- n, err = wr.Write([]byte(testStr))
-
- assert.Equal(t, n, len(testStr))
- assert.NoError(t, err)
-
- select {
- case attr := <-wr.ReadAttribute():
- assert.Equal(t, ".gitignore\"\n", attr.Filename)
- assert.Equal(t, "linguist-vendored", attr.Attribute)
- assert.Equal(t, "unspecified", attr.Value)
- case <-time.After(100 * time.Millisecond):
- assert.Fail(t, "took too long to read an attribute from the list")
- }
-
- // Write a partial attribute
- _, err = wr.Write([]byte("incomplete-file"))
- assert.NoError(t, err)
- _, err = wr.Write([]byte("name: "))
- assert.NoError(t, err)
- select {
- case <-wr.ReadAttribute():
- assert.Fail(t, "There should not be an attribute ready to read")
- case <-time.After(100 * time.Millisecond):
- }
- _, err = wr.Write([]byte("attribute: "))
- assert.NoError(t, err)
- select {
- case <-wr.ReadAttribute():
- assert.Fail(t, "There should not be an attribute ready to read")
- case <-time.After(100 * time.Millisecond):
- }
- _, err = wr.Write([]byte("value\n"))
- assert.NoError(t, err)
- attr := <-wr.ReadAttribute()
- assert.Equal(t, "incomplete-filename", attr.Filename)
- assert.Equal(t, "attribute", attr.Attribute)
- assert.Equal(t, "value", attr.Value)
-}
diff --git a/modules/markup/markdown/markdown.go b/modules/markup/markdown/markdown.go
index 1e5c470758..f1ffea8872 100644
--- a/modules/markup/markdown/markdown.go
+++ b/modules/markup/markdown/markdown.go
@@ -289,9 +289,3 @@ func RenderRawString(ctx *markup.RenderContext, content string) (string, error)
 }
 return buf.String(), nil
 }
-
-// IsMarkdownFile reports whether name looks like a Markdown file
-// based on its extension.
-func IsMarkdownFile(name string) bool {
- return markup.IsMarkupFile(name, MarkupName)
-}
diff --git a/modules/markup/markdown/markdown_test.go b/modules/markup/markdown/markdown_test.go
index bb2c47f18e..cc683dc5b7 100644
--- a/modules/markup/markdown/markdown_test.go
+++ b/modules/markup/markdown/markdown_test.go
@@ -74,28 +74,6 @@ func TestRender_StandardLinks(t *testing.T) {
 `

WikiPage

`)
 }
-func TestMisc_IsMarkdownFile(t *testing.T) {
- setting.Markdown.FileExtensions = []string{".md", ".markdown", ".mdown", ".mkd"}
- trueTestCases := []string{
- "test.md",
- "wow.MARKDOWN",
- "LOL.mDoWn",
- }
- falseTestCases := []string{
- "test",
- "abcdefg",
- "abcdefghijklmnopqrstuvwxyz",
- "test.md.test",
- }
-
- for _, testCase := range trueTestCases {
- assert.True(t, IsMarkdownFile(testCase))
- }
- for _, testCase := range falseTestCases {
- assert.False(t, IsMarkdownFile(testCase))
- }
-}
-
 func TestRender_Images(t *testing.T) {
 setting.AppURL = AppURL
 setting.AppSubURL = AppSubURL
From 90237d8abd0e6479c1464ac0f32fff6a2ce4a0b4 Mon Sep 17 00:00:00 2001
From: Lunny Xiao
Date: Tue, 27 Dec 2022 14:00:34 +0800
Subject: [PATCH 4/4] Add more test directory to exclude dir of air, remove watching templates from air include dir because gitea has internal mechanism (#22246) Since #20218 introduced internal watching template, template watching should be removed from `air`. This will prevent restart the whole server once the template files changed to speed up developing when using `make watch`. To ensure `make watch` will reuse template watching, this PR introduced a new ENV `GITEA_RUN_MODE` to make sure `make watch` will always run in a dev mode of Gitea so that template watching will open. This PR also added more exclude testdata directories.
---
 .air.toml | 4 ++--
 Makefile | 2 +-
 modules/setting/setting.go | 5 ++++-
 3 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/.air.toml b/.air.toml
index 0610088303..069a889243 100644
--- a/.air.toml
+++ b/.air.toml
@@ -5,6 +5,6 @@ tmp_dir = ".air"
 cmd = "make backend"
 bin = "gitea"
 include_ext = ["go", "tmpl"]
-exclude_dir = ["modules/git/tests", "services/gitdiff/testdata", "modules/avatar/testdata"]
-include_dir = ["cmd", "models", "modules", "options", "routers", "services", "templates"]
+exclude_dir = ["modules/git/tests", "services/gitdiff/testdata", "modules/avatar/testdata", "models/fixtures", "models/migrations/fixtures", "modules/migration/file_format_testdata", "modules/avatar/identicon/testdata"]
+include_dir = ["cmd", "models", "modules", "options", "routers", "services"]
 exclude_regex = ["_test.go$", "_gen.go$"]
diff --git a/Makefile b/Makefile
index d1122984a7..06a0d1c18e 100644
--- a/Makefile
+++ b/Makefile
@@ -359,7 +359,7 @@ watch-frontend: node-check node_modules
 .PHONY: watch-backend
 watch-backend: go-check
- $(GO) run $(AIR_PACKAGE) -c .air.toml
+ GITEA_RUN_MODE=dev $(GO) run $(AIR_PACKAGE) -c .air.toml
 .PHONY: test
 test: test-frontend test-backend
diff --git a/modules/setting/setting.go b/modules/setting/setting.go
index 47e0ae2cda..07290fbfeb 100644
--- a/modules/setting/setting.go
+++ b/modules/setting/setting.go
@@ -1043,7 +1043,10 @@ func loadFromConf(allowEmpty bool, extraConfig string) {
 // The following is a purposefully undocumented option. Please do not run Gitea as root. It will only cause future headaches.
 // Please don't use root as a bandaid to "fix" something that is broken, instead the broken thing should instead be fixed properly.
 unsafeAllowRunAsRoot := Cfg.Section("").Key("I_AM_BEING_UNSAFE_RUNNING_AS_ROOT").MustBool(false)
- RunMode = Cfg.Section("").Key("RUN_MODE").MustString("prod")
+ RunMode = os.Getenv("GITEA_RUN_MODE")
+ if RunMode == "" {
+ RunMode = Cfg.Section("").Key("RUN_MODE").MustString("prod")
+ }
 IsProd = strings.EqualFold(RunMode, "prod")
 // Does not check run user when the install lock is off.
 if InstallLock {
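Review bot: The new `GITEA_RUN_MODE` lookup in `loadFromConf` (setting.go hunk) accepts any non-empty string and takes precedence over `RUN_MODE` from the config file, so a stray or misspelled value inherited from the process environment (`production`, trailing whitespace) makes `IsProd` false on a deployed instance without leaving any trace. I would at least trim it, `RunMode = strings.TrimSpace(os.Getenv("GITEA_RUN_MODE"))`, and add a comment such as `// GITEA_RUN_MODE overrides RUN_MODE from the config file; "make watch" sets it to force dev mode.` Logging the effective run mode and whether it came from the environment would make an unintended override visible to operators. What `IsProd` gates is not visible here, and `loadFromConf` continues past the hunk.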