wxiaoguang
dd83cfcacc
Refactor CSRF token ( #32216 )
2 months ago
Lunny Xiao
5c05dddbed
Fix nuget/conan/container packages upload bugs ( #31967 )
3 months ago
wxiaoguang
6106a61eff
Remove sub-path from container registry realm ( #31293 )
...
Container registry requires that the "/v2" must be in the root, so the
sub-path in AppURL should be removed
6 months ago
KN4CK3R
f79c9e817a
Use `crypto/sha256` ( #29386 )
...
Go 1.21 improved the performance of `crypto/sha256`. It's now similar to
`minio/sha256-simd`, so we should just use the standard libs.
https://go.dev/doc/go1.21#crypto/sha256
https://go-review.googlesource.com/c/go/+/408795
https://github.com/multiformats/go-multihash/pull/173
9 months ago
KN4CK3R
caad931385
Prevent anonymous container access if `RequireSignInView` is enabled ( #28877 )
...
Fixes #28875
If `RequireSignInView` is enabled, the ghost user has no access rights.
10 months ago
KN4CK3R
838db2f891
Convert to url auth to header auth in tests ( #28484 )
...
Related #28390
11 months ago
Nanguan Lin
dc04044716
Replace assert.Fail with assert.FailNow ( #27578 )
...
assert.Fail() will continue to execute the code while assert.FailNow()
not. I thought those uses of assert.Fail() should exit immediately.
PS: perhaps it's a good idea to use
[require](https://pkg.go.dev/github.com/stretchr/testify/require )
somewhere because the assert package's default behavior does not exit
when an error occurs, which makes it difficult to find the root error
reason.
1 year ago
KN4CK3R
115f40e433
Test if container blob is accessible before mounting ( #22759 )
...
related #16865
This PR adds an accessibility check before mounting container blobs.
---------
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: silverwind <me@silverwind.io>
1 year ago
KN4CK3R
fbd4eaceed
Display image size for multiarch container images ( #23821 )
...
Fixes #23771
Changes the display of different architectures for multiarch images to
show the image size:
![grafik](https://user-images.githubusercontent.com/1666336/228781477-cc76c4d1-4728-434f-8a27-fc008790d924.png )
2 years ago
KN4CK3R
0ae1ed749d
Remove all package data after tests ( #22984 )
...
Fixes #21020
---------
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
2 years ago
zeripath
1319ba6742
Use minio/sha256-simd for accelerated SHA256 ( #23052 )
...
minio/sha256-simd provides additional acceleration for SHA256 using
AVX512, SHA Extensions for x86 and ARM64 for ARM.
It provides a drop-in replacement for crypto/sha256 and if the
extensions are not available it falls back to standard crypto/sha256.
---------
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2 years ago
KN4CK3R
f8c1e14a13
Use import of OCI structs ( #22765 )
...
Fixes #22758
Otherwise we would need to rewrite the structs in `oci.go`.
2 years ago
Chongyi Zheng
de484e86bc
Support scoped access tokens ( #20908 )
...
This PR adds the support for scopes of access tokens, mimicking the
design of GitHub OAuth scopes.
The changes of the core logic are in `models/auth` that `AccessToken`
struct will have a `Scope` field. The normalized (no duplication of
scope), comma-separated scope string will be stored in `access_token`
table in the database.
In `services/auth`, the scope will be stored in context, which will be
used by `reqToken` middleware in API calls. Only OAuth2 tokens will have
granular token scopes, while others like BasicAuth will default to scope
`all`.
A large amount of work happens in `routers/api/v1/api.go` and the
corresponding `tests/integration` tests, that is adding necessary scopes
to each of the API calls as they fit.
- [x] Add `Scope` field to `AccessToken`
- [x] Add access control to all API endpoints
- [x] Update frontend & backend for when creating tokens
- [x] Add a database migration for `scope` column (enable 'all' access
to past tokens)
I'm aiming to complete it before Gitea 1.19 release.
Fixes #4300
2 years ago
KN4CK3R
3510d7e33a
Fix container blob mount ( #22226 )
2 years ago
flynnnnnnnnnn
e81ccc406b
Implement FSFE REUSE for golang files ( #21840 )
...
Change all license headers to comply with REUSE specification.
Fix #16132
Co-authored-by: flynnnnnnnnnn <flynnnnnnnnnn@github>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2 years ago
KN4CK3R
a1ae83f36e
Workaround for container registry push/pull errors ( #21862 )
...
This PR addresses #19586
I added a mutex to the upload version creation which will prevent the
push errors when two requests try to create these database entries. I'm
not sure if this should be the final solution for this problem.
I added a workaround to allow a reupload of missing blobs. Normally a
reupload is skipped because the database knows the blob is already
present. The workaround checks if the blob exists on the file system.
This should not be needed anymore with the above fix so I marked this
code to be removed with Gitea v1.20.
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2 years ago
KN4CK3R
7c11a73833
Fix package access for admins and inactive users ( #21580 )
...
I noticed an admin is not allowed to upload packages for other users
because `ctx.IsSigned` was not set.
I added a check for `user.IsActive` and `user.ProhibitLogin` too because
both was not checked. Tests enforce this now.
Co-authored-by: Lauris BH <lauris@nix.lv>
2 years ago
KN4CK3R
69fc510d6d
Add GET and DELETE endpoints for Docker blob uploads ( #21367 )
...
This PR adds support for
https://docs.docker.com/registry/spec/api/#get-blob-upload
https://docs.docker.com/registry/spec/api/#delete-blob-upload
Both are not required by the OCI spec but some clients call these
endpoints.
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2 years ago
Kyle D
c8ded77680
Kd/ci playwright go test ( #20123 )
...
* Add initial playwright config
* Simplify Makefile
* Simplify Makefile
* Use correct config files
* Update playwright settings
* Fix package-lock file
* Don't use test logger for e2e tests
* fix frontend lint
* Allow passing TEST_LOGGER variable
* Init postgres database
* use standard gitea env variables
* Update playwright
* update drone
* Move empty env var to commands
* Cleanup
* Move integrations to subfolder
* tests integrations to tests integraton
* Run e2e tests with go test
* Fix linting
* install CI deps
* Add files to ESlint
* Fix drone typo
* Don't log to console in CI
* Use go test http server
* Add build step before tests
* Move shared init function to common package
* fix drone
* Clean up tests
* Fix linting
* Better mocking for page + version string
* Cleanup test generation
* Remove dependency on gitea binary
* Fix linting
* add initial support for running specific tests
* Add ACCEPT_VISUAL variable
* don't require git-lfs
* Add initial documentation
* Review feedback
* Add logged in session test
* Attempt fixing drone race
* Cleanup and bump version
* Bump deps
* Review feedback
* simplify installation
* Fix ci
* Update install docs
2 years ago
Lunny Xiao
86c85c19b6
Refactor AssertExistsAndLoadBean to use generics ( #20797 )
...
* Refactor AssertExistsAndLoadBean to use generics
* Fix tests
Co-authored-by: zeripath <art27@cantab.net>
2 years ago
KN4CK3R
920481340b
Keep download count on Container tag overwrite ( #20728 )
...
Co-authored-by: 6543 <6543@obermui.de>
2 years ago
KN4CK3R
86e5268c39
Add Docker /v2/_catalog endpoint ( #20469 )
...
* Added properties for packages.
* Fixed authenticate header format.
* Added _catalog endpoint.
* Check owner visibility.
* Extracted condition.
* Added test for _catalog.
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2 years ago
KN4CK3R
a3d55ac523
Hide internal package versions ( #20492 )
...
* Hide internal versions from most searches.
* Added test.
2 years ago
Wim
cb50375e2b
Add more linters to improve code readability ( #19989 )
...
Add nakedret, unconvert, wastedassign, stylecheck and nolintlint linters to improve code readability
- nakedret - https://github.com/alexkohler/nakedret - nakedret is a Go static analysis tool to find naked returns in functions greater than a specified function length.
- unconvert - https://github.com/mdempsky/unconvert - Remove unnecessary type conversions
- wastedassign - https://github.com/sanposhiho/wastedassign - wastedassign finds wasted assignment statements.
- notlintlint - Reports ill-formed or insufficient nolint directives
- stylecheck - https://staticcheck.io/docs/checks/#ST - keep style consistent
- excluded: [ST1003 - Poorly chosen identifier](https://staticcheck.io/docs/checks/#ST1003 ) and [ST1005 - Incorrectly formatted error string](https://staticcheck.io/docs/checks/#ST1005 )
2 years ago
KN4CK3R
9ea9206406
ContainerRegistry - removed Basic Auth header ( #19735 )
...
* Removed Basic Auth header.
* Fixed test.
3 years ago
KN4CK3R
1d332342db
Add Package Registry ( #16510 )
...
* Added package store settings.
* Added models.
* Added generic package registry.
* Added tests.
* Added NuGet package registry.
* Moved service index to api file.
* Added NPM package registry.
* Added Maven package registry.
* Added PyPI package registry.
* Summary is deprecated.
* Changed npm name.
* Sanitize project url.
* Allow only scoped packages.
* Added user interface.
* Changed method name.
* Added missing migration file.
* Set page info.
* Added documentation.
* Added documentation links.
* Fixed wrong error message.
* Lint template files.
* Fixed merge errors.
* Fixed unit test storage path.
* Switch to json module.
* Added suggestions.
* Added package webhook.
* Add package api.
* Fixed swagger file.
* Fixed enum and comments.
* Fixed NuGet pagination.
* Print test names.
* Added api tests.
* Fixed access level.
* Fix User unmarshal.
* Added RubyGems package registry.
* Fix lint.
* Implemented io.Writer.
* Added support for sha256/sha512 checksum files.
* Improved maven-metadata.xml support.
* Added support for symbol package uploads.
* Added tests.
* Added overview docs.
* Added npm dependencies and keywords.
* Added no-packages information.
* Display file size.
* Display asset count.
* Fixed filter alignment.
* Added package icons.
* Formatted instructions.
* Allow anonymous package downloads.
* Fixed comments.
* Fixed postgres test.
* Moved file.
* Moved models to models/packages.
* Use correct error response format per client.
* Use simpler search form.
* Fixed IsProd.
* Restructured data model.
* Prevent empty filename.
* Fix swagger.
* Implemented user/org registry.
* Implemented UI.
* Use GetUserByIDCtx.
* Use table for dependencies.
* make svg
* Added support for unscoped npm packages.
* Add support for npm dist tags.
* Added tests for npm tags.
* Unlink packages if repository gets deleted.
* Prevent user/org delete if a packages exist.
* Use package unlink in repository service.
* Added support for composer packages.
* Restructured package docs.
* Added missing tests.
* Fixed generic content page.
* Fixed docs.
* Fixed swagger.
* Added missing type.
* Fixed ambiguous column.
* Organize content store by sha256 hash.
* Added admin package management.
* Added support for sorting.
* Add support for multiple identical versions/files.
* Added missing repository unlink.
* Added file properties.
* make fmt
* lint
* Added Conan package registry.
* Updated docs.
* Unify package names.
* Added swagger enum.
* Use longer TEXT column type.
* Removed version composite key.
* Merged package and container registry.
* Removed index.
* Use dedicated package router.
* Moved files to new location.
* Updated docs.
* Fixed JOIN order.
* Fixed GROUP BY statement.
* Fixed GROUP BY #2 .
* Added symbol server support.
* Added more tests.
* Set NOT NULL.
* Added setting to disable package registries.
* Moved auth into service.
* refactor
* Use ctx everywhere.
* Added package cleanup task.
* Changed packages path.
* Added container registry.
* Refactoring
* Updated comparison.
* Fix swagger.
* Fixed table order.
* Use token auth for npm routes.
* Enabled ReverseProxy auth.
* Added packages link for orgs.
* Fixed anonymous org access.
* Enable copy button for setup instructions.
* Merge error
* Added suggestions.
* Fixed merge.
* Handle "generic".
* Added link for TODO.
* Added suggestions.
* Changed temporary buffer filename.
* Added suggestions.
* Apply suggestions from code review
Co-authored-by: Thomas Boerger <thomas@webhippie.de>
* Update docs/content/doc/packages/nuget.en-us.md
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Thomas Boerger <thomas@webhippie.de>
3 years ago