1
0
mirror of https://github.com/go-gitea/gitea.git synced 2024-12-04 14:46:57 -05:00
Commit Graph

4524 Commits

Author SHA1 Message Date
silverwind
60e4a98ab0
Preserve BOM in web editor (#28935)
The `ToUTF8*` functions were stripping BOM, while BOM is actually valid
in UTF8, so the stripping must be optional depending on use case. This
does:

- Add a options struct to all `ToUTF8*` functions, that by default will
strip BOM to preserve existing behaviour
- Remove `ToUTF8` function, it was dead code
- Rename `ToUTF8WithErr` to `ToUTF8`
- Preserve BOM in Monaco Editor
- Remove a unnecessary newline in the textarea value. Browsers did
ignore it, it seems but it's better not to rely on this behaviour.

Fixes: https://github.com/go-gitea/gitea/issues/28743
Related: https://github.com/go-gitea/gitea/issues/6716 which seems to
have once introduced a mechanism that strips and re-adds the BOM, but
from what I can tell, this mechanism was removed at some point after
that PR.
2024-01-27 18:02:51 +00:00
JakobDev
7ed18566e1
Show in Web UI if file is vendored and generated (#28620)
This simple shows in the Web UI is a file is vendored and/or generated.


![grafik](https://github.com/go-gitea/gitea/assets/15185051/bfe45fcc-cfec-4ba1-8d93-c0a262c3ae1c)

![grafik](https://github.com/go-gitea/gitea/assets/15185051/9f222a49-e7bf-4540-ba64-43dcc5767b76)

---------

Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-01-24 13:51:37 +08:00
Jimmy Praet
ee3e83eec1
Don't reload timeline page when (un)resolving or replying conversation (#28654)
Fixes #15981
2024-01-24 03:26:28 +00:00
JakobDev
4567a3a1ad
Allow to sync tags from admin dashboard (#28045)
Inspired by #28043

This PR adds a option to the Admin Dashboard to sync all tags to the
database.


![grafik](https://github.com/go-gitea/gitea/assets/15185051/26ac51ef-82a4-4fd9-a6a6-5aefec612ff6)
2024-01-24 03:02:04 +00:00
JakobDev
f3ba3e922d
Don't run push mirrors for archived repos (#27140)
Fixes https://codeberg.org/forgejo/forgejo/issues/612

At the moment push mirrors are still run if a repo is archived. This PR
fixes this.
2024-01-24 02:32:57 +00:00
wackbyte
fd97613b65
Fix hardcoded GitHub icon used as migrated release avatar (#28910) 2024-01-24 01:07:13 +00:00
yp05327
b693611b35
Don't show new pr button when page is not compare pull (#26431)
Before:

![image](https://github.com/go-gitea/gitea/assets/18380374/ba69252f-3582-414a-9d62-b2b78d7035dd)
After:

![image](https://github.com/go-gitea/gitea/assets/18380374/71b8587c-b96e-48fb-b3e5-1a2a8b5d06fa)
(TestOrg:test is a tag not branch)

Problem:
In the template, we will not add `compare pull` class when
`PageIsComparePull` is false.

a370efc13f/templates/repo/diff/compare.tmpl (L2)
But in the js, we are using `.repository.compare.pull` to find the
button:

a370efc13f/web_src/js/features/repo-legacy.js (L552-L563)
So, if `PageIsComparePull` is false, the `New Pull Request` button will
be there, but has no response when we click it.
2024-01-21 15:13:00 +00:00
6543
49d7663929
Revert adding htmx until we finaly decide to add it (#28879) 2024-01-21 21:42:35 +08:00
Yarden Shoham
1df06e3f39
Don't do a full page load when clicking the follow button (#28872)
- Use htmx to perform the button request
- `hx-headers='{"x-csrf-token": "{{.CsrfToken}}"}'` to authenticate (we
should probably learn to reuse this)
- `hx-post="{{.ContextUser.HomeLink}}?action=follow"` to send a POST
request to follow the user
- `hx-target="#profile-avatar-card"` to target the card div for
replacement
- `hx-swap="outerHTML"` to replace the card (as opposed to its inner
content) with the new card that shows the new follower count and button
color
- Change the backend response to return a `<div>` tag (the card) instead
of a redirect to the user page

# Before

![before](https://github.com/go-gitea/gitea/assets/20454870/86899d15-41c9-42ed-bd85-253b9caac7f8)

# After

![after](https://github.com/go-gitea/gitea/assets/20454870/59455d96-548c-4a81-a5b0-fab1dc1e87ef)

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
2024-01-20 23:37:22 +01:00
Yarden Shoham
14f6fcf448
Don't do a full page load when clicking the subscribe button (#28871)
- Refactor the form around the subscribe button into its own template
- Use htmx to perform the form submission
- `hx-boost="true"` to prevent the default form submission behavior of a
full page load
- `hx-sync="this:replace"` to replace the current request (in case the
button is clicked again before the response is returned)
  - `hx-target="this"` to replace the form tag with the new form tag
  - `hx-push-url="false"` to disable a change to the URL
  - `hx-swap="show:no-scroll"` to preserve the scroll position
- Change the backend response to return a `<form>` tag instead of a
redirect to the issue page
- Include `htmx.org` in javascript imports

This change introduces htmx with the hope we could use it to make Gitea
more reactive while keeping our "HTML rendered on the server" approach.

# Before


![before](https://github.com/go-gitea/gitea/assets/20454870/4ec3e81e-4dbf-4338-9968-b0655c276d4c)

# After


![after](https://github.com/go-gitea/gitea/assets/20454870/8c8841af-9bfe-40b2-b1cd-cd1f3c90ba4d)

---------

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
2024-01-20 20:44:51 +01:00
Adam Majer
d68a613ba8
Add support for sha256 repositories (#23894)
Currently only SHA1 repositories are supported by Gitea. This adds
support for alternate SHA256 with the additional aim of easier support
for additional hash types in the future.

Fixes: #13794
Limited by: https://github.com/go-git/go-git/issues/899
Depend on: #28138

<img width="776" alt="图片" src="https://github.com/go-gitea/gitea/assets/81045/5448c9a7-608e-4341-a149-5dd0069c9447">

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: 6543 <6543@obermui.de>
2024-01-19 17:05:02 +01:00
KN4CK3R
461d8b53c2
Fix some RPM registry flaws (#28782)
Related #26984
(https://github.com/go-gitea/gitea/pull/26984#issuecomment-1889588912)

Fix admin cleanup message.
Fix models `Get` not respecting default values.
Rebuild RPM repository files after cleanup.
Do not add RPM group to package version name.
Force stable sorting of Alpine/Debian/RPM repository data.
Fix missing deferred `Close`.
Add tests for multiple RPM groups.
Removed non-cached `ReplaceAllStringRegex`.

If there are multiple groups available, it's stated in the package
installation screen:

![grafik](https://github.com/go-gitea/gitea/assets/1666336/8f132760-882c-4ab8-9678-77e47dfc4415)
2024-01-19 11:37:10 +00:00
yp05327
4674aea25b
Fix display latest sync time for pull mirrors on the repo page (#28841)
Follow #28712

1. Missing Locale word `mirror_sync`
2. Maybe forgot checking the conflict from #27760

Before:

![image](https://github.com/go-gitea/gitea/assets/18380374/6100d35b-7fe3-4095-9c24-7875568f7380)

After:

![image](https://github.com/go-gitea/gitea/assets/18380374/69647169-b812-45bc-a267-ab28f2df6ef6)
2024-01-18 18:27:07 +08:00
JakobDev
edfb57e699
Render code block in activity tab (#28816)
This is a little bugfix. Inline code is usually rendered in issue
titles, but it is missing in the activity tab.

Before:
![Screenshot 2024-01-16 at 14-20-51
Test](https://github.com/go-gitea/gitea/assets/15185051/383370f3-0fb2-49de-81cc-014e5cf86727)
After:

![grafik](https://github.com/go-gitea/gitea/assets/15185051/83eaf973-ce9a-44ce-beea-2db49fc8bd73)
2024-01-16 22:38:09 +08:00
Lunny Xiao
c08d263a19
Remove trust model selection from repository creation on web page because it can be changed in settings later (#28814)
As more and more options can be set for creating the repository, I don't
think we should put all of them into the creation web page which will
make things look complicated and confusing.

And I think we need some rules about how to decide which should/should
not be put in creating a repository page. One rule I can imagine is if
this option can be changed later and it's not a MUST on the creation,
then it can be removed on the page. So I found trust model is the first
one.

This PR removed the trust model selections on creating a repository web
page and kept others as before.
This is also a preparation for #23894 which will add a choice about SHA1
or SHA256 that cannot be changed once the repository created.
2024-01-16 20:54:48 +08:00
Denys Konovalov
d971dfbae1
Fix links in issue card (#28806)
Fixes_
https://github.com/go-gitea/gitea/issues/23318#issuecomment-1611086747
2024-01-15 22:38:13 +02:00
JakobDev
885cc32b14
Show latest commit for file (#28067)
If you view a file, you can now see the latest commit that changed that file.

![grafik](https://github.com/go-gitea/gitea/assets/15185051/272c3120-6db7-4f88-86e1-60080c9aabe5)

---------

Co-authored-by: Denys Konovalov <kontakt@denyskon.de>
2024-01-15 17:42:15 +01:00
Gwyneth Morgan
2c3da59e27
Add ability to see open and closed issues at the same time (#28757)
By clicking the currently active "Open" or "Closed" filter button in the
issue list, the user can toggle that filter off in order to see all
issues regardless of state. The URL "state" parameter will be set to
"all" and the "Open"/"Closed" button will not show as active.
2024-01-15 15:07:22 +00:00
Dmitry Sharshakov
2d343f8987
Display latest sync time for pull mirrors on the repo page (#28712)
Fixes #25168

---------

Co-authored-by: delvh <dev.lh@web.de>
2024-01-15 14:37:14 +00:00
KN4CK3R
637451a45e
Rework markup link rendering (#26745)
Fixes #26548

This PR refactors the rendering of markup links. The old code uses
`strings.Replace` to change some urls while the new code uses more
context to decide which link should be generated.

The added tests should ensure the same output for the old and new
behaviour (besides the bug).

We may need to refactor the rendering a bit more to make it clear how
the different helper methods render the input string. There are lots of
options (resolve links / images / mentions / git hashes / emojis / ...)
but you don't really know what helper uses which options. For example,
we currently support images in the user description which should not be
allowed I think:

<details>
  <summary>Profile</summary> 

https://try.gitea.io/KN4CK3R

![grafik](https://github.com/go-gitea/gitea/assets/1666336/109ae422-496d-4200-b52e-b3a528f553e5)

</details>

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-01-15 08:49:24 +00:00
Jimmy Praet
5d3fdd1212
Add branch protection setting for ignoring stale approvals (#28498)
Fixes #27114.

* In Gitea 1.12 (#9532), a "dismiss stale approvals" branch protection
setting was introduced, for ignoring stale reviews when verifying the
approval count of a pull request.
* In Gitea 1.14 (#12674), the "dismiss review" feature was added.
* This caused confusion with users (#25858), as "dismiss" now means 2
different things.
* In Gitea 1.20 (#25882), the behavior of the "dismiss stale approvals"
branch protection was modified to actually dismiss the stale review.

For some users this new behavior of dismissing the stale reviews is not
desirable.

So this PR reintroduces the old behavior as a new "ignore stale
approvals" branch protection setting.

---------

Co-authored-by: delvh <dev.lh@web.de>
2024-01-15 07:20:01 +00:00
yp05327
ce0225c1b8
Forbid removing the last admin user (#28337)
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-01-15 06:51:43 +00:00
Gwyneth Morgan
e5313248a8
Add non-JS fallback for reaction tooltips (#28785)
When JavaScript is not loaded, fall back to displaying reaction tooltips
with the default browser `title` attribute. An element with a present
but empty `data-tooltip-content` will use the `title` attribute for its
tippy.js tooltip content, so when JavaScript is enabled, this functions
the same as the current behavior.
2024-01-15 09:42:59 +08:00
wxiaoguang
ad0b637d46
Fix button size in "attached header right" (#28770)
Before:

<details>


![image](https://github.com/go-gitea/gitea/assets/2114189/c82f8615-04d4-408f-95bf-689c227a8814)



![image](https://github.com/go-gitea/gitea/assets/2114189/d01d05a7-09ca-48f3-a0e7-fec48119b426)

</details>

After:



![image](https://github.com/go-gitea/gitea/assets/2114189/e560398e-2fa4-4f46-9229-f6acc70e32ab)


![image](https://github.com/go-gitea/gitea/assets/2114189/bd18961d-0636-4584-b893-c465daaf40af)
2024-01-12 14:43:40 +00:00
wxiaoguang
34a0684397
Improve CSS helper naming (#28769)
* `gt-w-100` => `gt-w-full` to match tailwind
* clarify `gt-hidden` priority
2024-01-12 20:28:01 +08:00
Denys Konovalov
7d62615513
Revamp repo header (#27760)
Redesign repo header with following new aspects:
- responsive & better-looking repo title
- hide repo button text instead of icons in mobile view
- use same tab style as on explore and org page

<details>
<summary>Before:</summary>


![grafik](https://github.com/go-gitea/gitea/assets/47871822/57360b77-d43c-49ac-b798-2363c03da7ec)

![grafik](https://github.com/go-gitea/gitea/assets/47871822/d4117f79-a5f5-4f36-bf65-bbada3e7e73b)

![grafik](https://github.com/go-gitea/gitea/assets/47871822/e26f967f-e264-4337-9925-3d942e04fd6d)

![grafik](https://github.com/go-gitea/gitea/assets/47871822/b4683c8d-9c6a-4089-afa7-8dd219e43a46)


</details>

<details>
<summary>After:</summary>


![grafik](https://github.com/go-gitea/gitea/assets/47871822/8ddbc9f6-53c7-4e4e-bea9-704fd93524ca)

![grafik](https://github.com/go-gitea/gitea/assets/47871822/c0588aa9-788d-469c-98a0-81484fbd220c)

![grafik](https://github.com/go-gitea/gitea/assets/47871822/206e931e-404d-4d1b-92ce-908698addfcc)

![grafik](https://github.com/go-gitea/gitea/assets/47871822/a508f9c8-fadc-4a85-94ba-18796f77e07b)
2024-01-12 03:44:06 +00:00
Exploding Dragon
ba4d0b8ffb
Support for grouping RPMs using paths (#26984)
The current rpm repository places all packages in the same repository,
and different systems (el7,f34) may hit packages that do not belong to
this distribution ( #25304 ) , which now supports grouping of rpm.

![图片](https://github.com/go-gitea/gitea/assets/33776693/d1e1d99f-7799-4b2b-a19b-cb2a5c692914)

Fixes #25304 .
Fixes #27056 .

Refactor: [#25866](https://github.com/go-gitea/gitea/pull/25866)
2024-01-12 03:16:05 +00:00
Lunny Xiao
c65f8623e6
Hide code related setting options in repository when code unit is disabled (#28631)
Since #20805, code can be hidden.
However, the related settings are still shown even though they don't
have any meaning then.


https://github.com/go-gitea/gitea/assets/81045/5fdee54d-ac81-418a-82f7-eadff048cedd
2024-01-10 11:55:59 +00:00
wxiaoguang
2df7563f31
Recommend/convert to use case-sensitive collation for MySQL/MSSQL (#28662)
Mainly for MySQL/MSSQL.

It is important for Gitea to use case-sensitive database charset
collation. If the database is using a case-insensitive collation, Gitea
will show startup error/warning messages, and show the errors/warnings
on the admin panel's Self-Check page.

Make `gitea doctor convert` work for MySQL to convert the collations of
database & tables & columns.

* Fix #28131

## ⚠️ BREAKING ⚠️

It is not quite breaking, but it's highly recommended to convert the
database&table&column to a consistent and case-sensitive collation.
2024-01-10 11:03:23 +00:00
JakobDev
a80debc208
Add download attribute to release attachments (#28739)
Fixes #28736
2024-01-09 16:51:20 +08:00
wxiaoguang
a04f8c0f81
Move the captcha script loader to the template which really needs it (#28718)
It improves the maintainability for the templates.

Now `base/footer.tmpl` doesn't need to depend on "captcha" feature.
2024-01-07 15:41:46 +00:00
wxiaoguang
c5901b622d
Avoid unnecessary 500 panic when a commit doesn't exist (#28719)
In #26851, it assumed that `Commit` always exists when
`PageIsDiff==true`.

But for a 404 page, the `Commit` doesn't exist, so the following code
would cause panic because nil value can't be passed as string parameter
to `IsMultilineCommitMessage(string)` (or the StringUtils.Cut in later
PRs)
2024-01-07 18:20:22 +08:00
Kyle D
e522e774ca
Add merge arrow direction and update styling (#28523)
Close https://github.com/go-gitea/gitea/issues/28522

~Adds some [negative
margin](https://tailwindcss.com/docs/margin#using-negative-values)
helper css classes using tailwind's [prefix
syntax](https://tailwindcss.com/docs/configuration#prefix)~

### Before

![image](https://github.com/go-gitea/gitea/assets/12700993/5bdabf91-facd-41c8-8e36-e1535beb9409)

### After

![image](https://github.com/go-gitea/gitea/assets/12700993/a6f11f6f-9e64-45b6-b9d7-dfea53fbc6d7)
2024-01-05 17:38:56 +00:00
yp05327
dd5693387e
Add links to owner home page in explore (#28341)
User can select access repo or owner's home page.

Before:

![image](https://github.com/go-gitea/gitea/assets/18380374/f40a833f-8560-4585-b047-3a225be2e6ee)

After:

![image](https://github.com/go-gitea/gitea/assets/18380374/7893bf3a-5050-4bcb-af99-d56d6c7925f8)
2024-01-05 03:34:35 +00:00
wackbyte
361839fb1c
Fix tooltip of variable edit button (#28681)
The `variables.edit` key does not exist.

![image](https://github.com/go-gitea/gitea/assets/29505620/462a1c6c-775c-466a-8398-37115b2af47a)
2024-01-03 06:25:19 +00:00
wxiaoguang
91aa263225
Make template DateTime show proper tooltip (#28677)
There was a question about "how to improve the datetime display for
SSH/PGP/WebAuthn"
https://github.com/go-gitea/gitea/pull/28262#issuecomment-1831141611

The root problem is that `DateTime` misses the "data-tooltip-content"
attribute, which should be used to make the tooltip popup smoothly.

Now the UI is consistent and the end users could see the detailed
hour/minute/second easily by hovering the element.


![image](https://github.com/go-gitea/gitea/assets/2114189/2211336f-d59d-4f64-a83b-099f8ef6d29b)


![image](https://github.com/go-gitea/gitea/assets/2114189/f02a9c86-476d-48d6-aece-85a800235fbd)
2024-01-02 20:09:18 +01:00
Mihir Joshi
3d474110c1
Fix long package version names overflowing (#28619)
Fixes #28534 

---
Before:

![image](https://github.com/go-gitea/gitea/assets/50193156/b229551c-0a7d-4a99-9553-1f11b994876a)


After:
<img width="304" alt="image"
src="https://github.com/go-gitea/gitea/assets/50193156/53d04ad0-6d5c-47e2-8a7d-30a4d5dd9959">


Should we also apply this for long filenames in Assets?
It looks like this currently:
<img width="285" alt="image"
src="https://github.com/go-gitea/gitea/assets/50193156/e2dcbb2e-30d5-4e35-b304-6274ef60bda7">

---------

Co-authored-by: Mihir <mihir.joshi@senpiper.com>
2023-12-30 07:42:16 +00:00
Denys Konovalov
6c133b9fe0
switch destination directory for apt signing keys (#28639)
According to [Debian
docs](https://wiki.debian.org/DebianRepository/UseThirdParty):

> The certificate MUST NOT be placed in /etc/apt/trusted.gpg.d or loaded
by apt-key add.
> ...
> If future updates to the certificate will be managed by an apt/dpkg
package as recommended below, then it SHOULD be downloaded into
/usr/share/keyrings using the same filename that will be provided by the
package. If it will be managed locally , it SHOULD be downloaded into
/etc/apt/keyrings instead.
> ...
> A sources.list entry SHOULD have the signed-by option set.
2023-12-28 22:08:59 +01:00
wxiaoguang
e743570f65
Refactor timeutil package (#28623)
1. make names more readable
2. remove unused FormatLong/FormatShort
3. use `FormatDate` instead of `Format "2006-01-02"`
2023-12-28 10:09:57 +00:00
Lunny Xiao
baf0d402d9
Add get actions runner registration token for API routes, repo, org, user and global level (#27144)
Replace #23761

---------

Co-authored-by: Denys Konovalov <kontakt@denyskon.de>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2023-12-27 07:57:54 +00:00
Jean-Baptiste Gomond
d0f24ff4ca
Added instance-level variables (#28115)
This PR adds instance-level variables, and so closes #27726



![gitea_instance_variables_1](https://github.com/go-gitea/gitea/assets/8344487/ad409cd4-ce36-4c84-a764-34451b0fb63a)

![gitea_instance_variables_2](https://github.com/go-gitea/gitea/assets/8344487/426f0965-dec6-4560-948c-067cdeddd720)

![gitea_instance_variables_3](https://github.com/go-gitea/gitea/assets/8344487/cf1d7776-4938-4825-922e-cbbbf28a5f33)
2023-12-25 07:28:59 +00:00
Yarden Shoham
d9ed931c4d
Fix wrong due date rendering in issue list page (#28588)
It included the hours, minutes, and seconds. By removing these, the date
renders correctly.

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
2023-12-22 10:53:12 -06:00
wxiaoguang
04b235d094
Fix 500 error of searching commits (#28576)
Regression of #28454 . Now the string is escaped HTML, so it doesn't
need `| Safe`.

Fix #28575
2023-12-21 23:09:14 +00:00
David Øvrelid
128eac9e0b
Fix duplicate ID when deleting repo (#28520)
There is an accessibility issue in the interface when attempting to
delete a repository. When I click on "Delete repository," a dialog box
appears, requiring confirmation to proceed with the repository deletion.
However, when I press the "Repo name" label, the wrong input field gains
focus. The focused field is located behind the dialog and is intended
for renaming the repository.
2023-12-19 04:40:05 +00:00
Bo-Yi Wu
14ffdf6173
chore(api): support ignore password if login source type is LDAP for creating user API (#28491)
- Modify the `Password` field in `CreateUserOption` struct to remove the
`Required` tag
- Update the `v1_json.tmpl` template to include the `email` field and
remove the `password` field

---------

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
2023-12-19 02:32:45 +00:00
wxiaoguang
bf8b082c40
Improve the prompt for "ssh-keygen sign" (#28509)
Close #28505, ref:
* https://github.com/go-gitea/gitea/pull/20112#issuecomment-1165423026
* https://github.com/go-gitea/gitea/issues/28505#issuecomment-1860048116
2023-12-18 22:53:04 +08:00
wxiaoguang
20929edc99
Add option to disable ambiguous unicode characters detection (#28454)
* Close #24483
* Close #28123
* Close #23682
* Close #23149

(maybe more)
2023-12-17 14:38:54 +00:00
The Magician
7fb6b51470
Remove duplicate option in admin screen and now-unused translation keys (#28492)
Resolves https://github.com/go-gitea/gitea/issues/28451.

This change follows the recommendation by wxiaoguang to remove the
"Disable Minimum Key Size Check" from the "Service Configuration"
section of the UI, because this option belongs to the "SSH
Configuration" section of the administration menu and already has a
functioning indicator in that section of the UI.

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-12-17 04:33:37 +00:00
yp05327
3849fd2ac2
Remove unnecessary forgot password link in delete user section (#28355)
Before:
<img width="458" alt="image"
src="https://github.com/go-gitea/gitea/assets/18380374/92815496-38cc-4bb9-9182-1509a72b07f6">

After:

![image](https://github.com/go-gitea/gitea/assets/18380374/d96ed908-47ad-44cc-a624-4c10fa8c8c86)
2023-12-15 14:13:55 +00:00
Jack Hay
4e879fed90
Deprecate query string auth tokens (#28390)
## Changes
- Add deprecation warning to `Token` and `AccessToken` authentication
methods in swagger.
- Add deprecation warning header to API response. Example: 
  ```
  HTTP/1.1 200 OK
  ...
  Warning: token and access_token API authentication is deprecated
  ...
  ```
- Add setting `DISABLE_QUERY_AUTH_TOKEN` to reject query string auth
tokens entirely. Default is `false`

## Next steps
- `DISABLE_QUERY_AUTH_TOKEN` should be true in a subsequent release and
the methods should be removed in swagger
- `DISABLE_QUERY_AUTH_TOKEN` should be removed and the implementation of
the auth methods in question should be removed

## Open questions
- Should there be further changes to the swagger documentation?
Deprecation is not yet supported for security definitions (coming in
[OpenAPI Spec version
3.2.0](https://github.com/OAI/OpenAPI-Specification/issues/2506))
- Should the API router logger sanitize urls that use `token` or
`access_token`? (This is obviously an insufficient solution on its own)

---------

Co-authored-by: delvh <dev.lh@web.de>
2023-12-12 03:48:53 +00:00