Merge branch 'main' into ssh_log

Author: a1012112796

.drone.yml

@@ -15,12 +15,12 @@ trigger:
 steps:
   - name: deps-frontend
     pull: always
-    image: node:14
+    image: node:16
     commands:
       - make node_modules
 
   - name: lint-frontend
-    image: node:14
+    image: node:16
     commands:
       - make lint-frontend
     depends_on: [deps-frontend]
@@ -58,7 +58,7 @@ steps:
       TAGS: bindata gogit sqlite sqlite_unlock_notify
 
   - name: checks-frontend
-    image: node:14
+    image: node:16
     commands:
       - make checks-frontend
     depends_on: [deps-frontend]
@@ -71,13 +71,13 @@ steps:
     depends_on: [lint-backend]
 
   - name: test-frontend
-    image: node:14
+    image: node:16
     commands:
       - make test-frontend
     depends_on: [lint-frontend]
 
   - name: build-frontend
-    image: node:14
+    image: node:16
     commands:
       - make frontend
     depends_on: [test-frontend]
@@ -530,7 +530,7 @@ steps:
     image: plugins/s3:1
     settings:
       acl: public-read
-      bucket: releases
+      bucket: gitea-artifacts
       endpoint: https://storage.gitea.io
       path_style: true
       source: "dist/release/*"
@@ -551,7 +551,7 @@ steps:
     image: plugins/s3:1
     settings:
       acl: public-read
-      bucket: releases
+      bucket: gitea-artifacts
       endpoint: https://storage.gitea.io
       path_style: true
       source: "dist/release/*"
@@ -626,7 +626,7 @@ steps:
     image: plugins/s3:1
     settings:
       acl: public-read
-      bucket: releases
+      bucket: gitea-artifacts
       endpoint: https://storage.gitea.io
       path_style: true
       source: "dist/release/*"

.eslintrc

@@ -366,6 +366,7 @@ rules:
   unicorn/no-array-instanceof: [0]
   unicorn/no-array-push-push: [2]
   unicorn/no-console-spaces: [0]
+  unicorn/no-document-cookie: [2]
   unicorn/no-fn-reference-in-iterator: [0]
   unicorn/no-for-loop: [0]
   unicorn/no-hex-escape: [0]
@@ -389,6 +390,7 @@ rules:
   unicorn/numeric-separators-style: [0]
   unicorn/prefer-add-event-listener: [2]
   unicorn/prefer-array-find: [2]
+  unicorn/prefer-array-flat-map: [2]
   unicorn/prefer-array-flat: [2]
   unicorn/prefer-array-index-of: [2]
   unicorn/prefer-array-some: [2]
@@ -399,8 +401,10 @@ rules:
   unicorn/prefer-includes: [2]
   unicorn/prefer-math-trunc: [2]
   unicorn/prefer-modern-dom-apis: [0]
+  unicorn/prefer-module: [2]
   unicorn/prefer-negative-index: [2]
   unicorn/prefer-node-append: [0]
+  unicorn/prefer-node-protocol: [0]
   unicorn/prefer-node-remove: [0]
   unicorn/prefer-number-properties: [0]
   unicorn/prefer-optional-catch-binding: [2]

.gitignore

@@ -76,6 +76,8 @@ cpu.out
 /integrations/mssql.ini
 /node_modules
 /yarn.lock
+/yarn-error.log
+/npm-debug.log*
 /public/js
 /public/serviceworker.js
 /public/css

Makefile

@@ -359,7 +359,7 @@ test-backend:
 	@$(GO) test $(GOTESTFLAGS) -mod=vendor -tags='$(TEST_TAGS)' $(GO_PACKAGES)
 
 .PHONY: test-frontend
-test-frontend:
+test-frontend: node_modules
 	@NODE_OPTIONS="--experimental-vm-modules --no-warnings" npx jest --color
 
 .PHONY: test-check

README.md

@@ -101,6 +101,16 @@ NOTES:
 1. **YOU MUST READ THE [CONTRIBUTORS GUIDE](CONTRIBUTING.md) BEFORE STARTING TO WORK ON A PULL REQUEST.**
 2. If you have found a vulnerability in the project, please write privately to **[email protected]**. Thanks!
 
+## Translating
+
+Translations are done through Crowdin. If you want to translate to a new language ask one of the managers in the Crowdin project to add a new language there. 
+
+You can also just create an issue for adding a language or ask on discord on the #translation channel. If you need context or find some translation issues, you can leave a comment on the string or ask on Discord. For general translation questions there is a section in the docs. Currently a bit empty but we hope fo fill it as questions pop up.
+
+https://docs.gitea.io/en-us/translation-guidelines/
+
+[![Crowdin](https://badges.crowdin.net/gitea/localized.svg)](https://crowdin.com/project/gitea)
+
 ## Further information
 
 For more information and instructions about how to install Gitea, please look at our [documentation](https://docs.gitea.io/en-us/).

README_ZH.md

@@ -71,6 +71,11 @@ Gitea 的首要目标是创建一个极易安装，运行非常快速，安装
 
 Fork -> Patch -> Push -> Pull Request
 
+## 翻译
+
+多语言翻译是基于Crowdin进行的.
+[![Crowdin](https://badges.crowdin.net/gitea/localized.svg)](https://crowdin.com/project/gitea)
+
 ## 作者
 
 * [Maintainers](https://github.com/orgs/go-gitea/people)

cmd/web_letsencrypt.go

@@ -6,6 +6,7 @@ package cmd
 
 import (
 	"net/http"
+	"strconv"
 	"strings"
 
 	"code.gitea.io/gitea/modules/log"
@@ -22,6 +23,11 @@ func runLetsEncrypt(listenAddr, domain, directory, email string, m http.Handler)
 	// TODO: these are placeholders until we add options for each in settings with appropriate warning
 	enableHTTPChallenge := true
 	enableTLSALPNChallenge := true
+	altHTTPPort := 0
+
+	if p, err := strconv.Atoi(setting.PortToRedirect); err == nil {
+		altHTTPPort = p
+	}
 
 	magic := certmagic.NewDefault()
 	magic.Storage = &certmagic.FileStorage{Path: directory}
@@ -30,6 +36,8 @@ func runLetsEncrypt(listenAddr, domain, directory, email string, m http.Handler)
 		Agreed:                  setting.LetsEncryptTOS,
 		DisableHTTPChallenge:    !enableHTTPChallenge,
 		DisableTLSALPNChallenge: !enableTLSALPNChallenge,
+		ListenHost:              listenAddr,
+		AltHTTPPort:             altHTTPPort,
 	})
 
 	magic.Issuers = []certmagic.Issuer{myACME}

contrib/environment-to-ini/environment-to-ini.go

@@ -110,6 +110,8 @@ func runEnvironmentToIni(c *cli.Context) error {
 	}
 	cfg.NameMapper = ini.SnackCase
 
+	changed := false
+
 	prefix := c.String("prefix") + "__"
 
 	for _, kv := range os.Environ() {
@@ -143,15 +145,21 @@ func runEnvironmentToIni(c *cli.Context) error {
 				continue
 			}
 		}
+		oldValue := key.Value()
+		if !changed && oldValue != value {
+			changed = true
+		}
 		key.SetValue(value)
 	}
 	destination := c.String("out")
 	if len(destination) == 0 {
 		destination = setting.CustomConf
 	}
-	err = cfg.SaveTo(destination)
-	if err != nil {
-		return err
+	if destination != setting.CustomConf || changed {
+		err = cfg.SaveTo(destination)
+		if err != nil {
+			return err
+		}
 	}
 	if c.Bool("clear") {
 		for _, kv := range os.Environ() {

docker/root/etc/s6/openssh/setup

@@ -24,9 +24,29 @@ if [ ! -f /data/ssh/ssh_host_ecdsa_key ]; then
     ssh-keygen -t ecdsa -b 256 -f /data/ssh/ssh_host_ecdsa_key -N "" > /dev/null
 fi
 
+if [ -e /data/ssh/ssh_host_ed25519_cert ]; then
+  SSH_ED25519_CERT=${SSH_ED25519_CERT:-"/data/ssh/ssh_host_ed25519_cert"}
+fi
+
+if [ -e /data/ssh/ssh_host_rsa_cert ]; then
+  SSH_RSA_CERT=${SSH_RSA_CERT:-"/data/ssh/ssh_host_rsa_cert"}
+fi
+
+if [ -e /data/ssh/ssh_host_ecdsa_cert ]; then
+  SSH_ECDSA_CERT=${SSH_ECDSA_CERT:-"/data/ssh/ssh_host_ecdsa_cert"}
+fi
+
+if [ -e /data/ssh/ssh_host_dsa_cert ]; then
+  SSH_DSA_CERT=${SSH_DSA_CERT:-"/data/ssh/ssh_host_dsa_cert"}
+fi
+
 if [ -d /etc/ssh ]; then
     SSH_PORT=${SSH_PORT:-"22"} \
     SSH_LISTEN_PORT=${SSH_LISTEN_PORT:-"${SSH_PORT}"} \
+    SSH_ED25519_CERT="${SSH_ED25519_CERT:+"HostCertificate "}${SSH_ED25519_CERT}" \
+    SSH_RSA_CERT="${SSH_RSA_CERT:+"HostCertificate "}${SSH_RSA_CERT}" \
+    SSH_ECDSA_CERT="${SSH_ECDSA_CERT:+"HostCertificate "}${SSH_ECDSA_CERT}" \
+    SSH_DSA_CERT="${SSH_DSA_CERT:+"HostCertificate "}${SSH_DSA_CERT}" \
     envsubst < /etc/templates/sshd_config > /etc/ssh/sshd_config
 
     chmod 0644 /etc/ssh/sshd_config

docker/root/etc/templates/sshd_config

@@ -8,13 +8,13 @@ ListenAddress ::
 LogLevel INFO
 
 HostKey /data/ssh/ssh_host_ed25519_key
-HostCertificate /data/ssh/ssh_host_ed25519_cert
+${SSH_ED25519_CERT}
 HostKey /data/ssh/ssh_host_rsa_key
-HostCertificate /data/ssh/ssh_host_rsa_cert
+${SSH_RSA_CERT}
 HostKey /data/ssh/ssh_host_ecdsa_key
-HostCertificate /data/ssh/ssh_host_ecdsa_cert
+${SSH_ECDSA_CERT}
 HostKey /data/ssh/ssh_host_dsa_key
-HostCertificate /data/ssh/ssh_host_dsa_cert
+${SSH_DSA_CERT}
 
 AuthorizedKeysFile .ssh/authorized_keys
 AuthorizedPrincipalsFile .ssh/authorized_principals

docs/content/doc/advanced/logging-documentation.en-us.md

@@ -437,7 +437,8 @@ Gitea includes built-in log rotation, which should be enough for most deployment
 
 - Disable built-in log rotation by setting `LOG_ROTATE` to `false` in your `app.ini`.
 - Install `logrotate`.
-- Configure `logrotate` to match your deployment requirements, see `man 8 logrotate` for configuration syntax details. In the `postrotate/endscript` block send Gitea a `USR1` signal via `kill -USR1` or `kill -10`, or run `gitea manager logging release-and-reopen` (with the appropriate environment). Ensure that your configurations apply to all files emitted by Gitea loggers as described in the above sections.
-- Always do `logrotate /etc/logrotate.conf --debug` to test your configurations.
+- Configure `logrotate` to match your deployment requirements, see `man 8 logrotate` for configuration syntax details. In the `postrotate/endscript` block send Gitea a `USR1` signal via `kill -USR1` or `kill -10` to the `gitea` process itself, or run `gitea manager logging release-and-reopen` (with the appropriate environment). Ensure that your configurations apply to all files emitted by Gitea loggers as described in the above sections.
+- Always do `logrotate /etc/logrotate.conf --debug` to test your configurations. 
+- If you are using docker and are running from outside of the container you can use `docker exec -u $OS_USER $CONTAINER_NAME sh -c 'gitea manager logging release-and-reopen'` or `docker exec $CONTAINER_NAME sh -c '/bin/s6-svc -1 /etc/s6/gitea/'` or send `USR1` directly to the gitea process itself.
 
 The next `logrotate` jobs will include your configurations, so no restart is needed. You can also immediately reload `logrotate` with `logrotate /etc/logrotate.conf --force`.

docs/content/doc/usage/reverse-proxies.en-us.md

@@ -222,11 +222,24 @@ If you wish to run Gitea with IIS. You will need to setup IIS with URL Rewrite a
 <?xml version="1.0" encoding="UTF-8"?>
 <configuration>
     <system.webServer>
+        <security>
+          <requestFiltering>
+            <hiddenSegments>
+              <clear />
+            </hiddenSegments>
+            <denyUrlSequences>
+              <clear />
+            </denyUrlSequences>
+            <fileExtensions allowUnlisted="true">
+              <clear />
+            </fileExtensions>
+          </requestFiltering>
+        </security>
         <rewrite>
-            <rules>
+            <rules useOriginalURLEncoding="false">
                 <rule name="ReverseProxyInboundRule1" stopProcessing="true">
                     <match url="(.*)" />
-                    <action type="Rewrite" url="http://127.0.0.1:3000/{R:1}" />
+                    <action type="Rewrite" url="http://127.0.0.1:3000{UNENCODED_URL}" />
                     <serverVariables>
                         <set name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" value="HTTP_ACCEPT_ENCODING" />
                         <set name="HTTP_ACCEPT_ENCODING" value="" />
@@ -255,6 +268,16 @@ If you wish to run Gitea with IIS. You will need to setup IIS with URL Rewrite a
             </outboundRules>
         </rewrite>
         <urlCompression doDynamicCompression="true" />
+        <handlers>
+          <clear />
+          <add name="StaticFile" path="*" verb="*" modules="StaticFileModule,DefaultDocumentModule,DirectoryListingModule" resourceType="Either" requireAccess="Read" />
+        </handlers>
+        <!-- Map all extensions to the same MIME type, so all files can be
+               downloaded. -->
+        <staticContent>
+          <clear />
+          <mimeMap fileExtension="*" mimeType="application/octet-stream" />
+        </staticContent>
     </system.webServer>
 </configuration>
 ```

go.mod

@@ -105,7 +105,7 @@ require (
 	github.com/unknwon/com v1.0.1
 	github.com/unknwon/i18n v0.0.0-20210321134014-0ebbf2df1c44
 	github.com/unknwon/paginater v0.0.0-20200328080006-042474bd0eae
-	github.com/unrolled/render v1.1.0
+	github.com/unrolled/render v1.1.1
 	github.com/urfave/cli v1.22.5
 	github.com/willf/bitset v1.1.11 // indirect
 	github.com/xanzy/go-gitlab v0.48.0

go.sum

@@ -1099,8 +1099,8 @@ github.com/unknwon/i18n v0.0.0-20210321134014-0ebbf2df1c44 h1:7bSo/vjZKVYUoZfxpY
 github.com/unknwon/i18n v0.0.0-20210321134014-0ebbf2df1c44/go.mod h1:+5rDk6sDGpl3azws3O+f+GpFSyN9GVr0K8cvQLQM2ZQ=
 github.com/unknwon/paginater v0.0.0-20200328080006-042474bd0eae h1:ihaXiJkaca54IaCSnEXtE/uSZOmPxKZhDfVLrzZLFDs=
 github.com/unknwon/paginater v0.0.0-20200328080006-042474bd0eae/go.mod h1:1fdkY6xxl6ExVs2QFv7R0F5IRZHKA8RahhB9fMC9RvM=
-github.com/unrolled/render v1.1.0 h1:gvpR9hHxTt6DcGqRYuVVFcfd8rtK+nyEPUJN06KB57Q=
-github.com/unrolled/render v1.1.0/go.mod h1:gN9T0NhL4Bfbwu8ann7Ry/TGHYfosul+J0obPf6NBdM=
+github.com/unrolled/render v1.1.1 h1:FpzNzkvlJQIlVdVaqeVBGWiCS8gpbmjtrKpDmCn6p64=
+github.com/unrolled/render v1.1.1/go.mod h1:gN9T0NhL4Bfbwu8ann7Ry/TGHYfosul+J0obPf6NBdM=
 github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
 github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
 github.com/urfave/cli v1.22.5 h1:lNq9sAHXK2qfdI8W+GRItjCEkI+2oR4d+MEHy1CKXoU=

jest.config.js

@@ -1,8 +1,9 @@
 export default {
   setupFilesAfterEnv: ['jest-extended'],
   testTimeout: 20000,
+  rootDir: 'web_src',
   testMatch: [
-    '**/web_src/**/*.test.js',
+    '<rootDir>/**/*.test.js',
   ],
   transform: {},
   verbose: false,

models/avatar_test.go

@@ -40,8 +40,10 @@ func TestHashEmail(t *testing.T) {
 }
 
 func TestSizedAvatarLink(t *testing.T) {
+	setting.AppSubURL = "/testsuburl"
+
 	disableGravatar()
-	assert.Equal(t, "/suburl/assets/img/avatar_default.png",
+	assert.Equal(t, "/testsuburl/assets/img/avatar_default.png",
 		SizedAvatarLink("[email protected]", 100))
 
 	enableGravatar(t)

models/gpg_key_test.go

@@ -103,6 +103,9 @@ MkM/fdpyc2hY7Dl/+qFmN5MG5yGmMpQcX+RNNR222ibNC1D3wg==
 =i9b7
 -----END PGP PUBLIC KEY BLOCK-----`
 	keys, err := checkArmoredGPGKeyString(testGPGArmor)
+	if !assert.NotEmpty(t, keys) {
+		return
+	}
 	ekey := keys[0]
 	assert.NoError(t, err, "Could not parse a valid GPG armored key", ekey)
 
@@ -189,6 +192,10 @@ Unknown GPG key with good email
 }
 
 func TestCheckGPGUserEmail(t *testing.T) {
+	assert.NoError(t, PrepareTestDatabase())
+
+	_ = AssertExistsAndLoadBean(t, &User{ID: 1}).(*User)
+
 	testEmailWithUpperCaseLetters := `-----BEGIN PGP PUBLIC KEY BLOCK-----
 Version: GnuPG v1
 
@@ -222,9 +229,11 @@ Q0KHb+QcycSgbDx0ZAvdIacuKvBBcbxrsmFUI4LR+oIup0G9gUc0roPvr014jYQL
 
 	keys, err := AddGPGKey(1, testEmailWithUpperCaseLetters)
 	assert.NoError(t, err)
-	key := keys[0]
-	if assert.Len(t, key.Emails, 1) {
-		assert.Equal(t, "[email protected]", key.Emails[0].Email)
+	if assert.NotEmpty(t, keys) {
+		key := keys[0]
+		if assert.Len(t, key.Emails, 1) {
+			assert.Equal(t, "[email protected]", key.Emails[0].Email)
+		}
 	}
 }
 
@@ -374,7 +383,9 @@ epiDVQ==
 `
 	keys, err := checkArmoredGPGKeyString(testIssue6599)
 	assert.NoError(t, err)
-	ekey := keys[0]
-	expire := getExpiryTime(ekey)
-	assert.Equal(t, time.Unix(1586105389, 0), expire)
+	if assert.NotEmpty(t, keys) {
+		ekey := keys[0]
+		expire := getExpiryTime(ekey)
+		assert.Equal(t, time.Unix(1586105389, 0), expire)
+	}
 }