* Add fallback href link
* Switch async archive generation to use href links
* Edit all templates to use href instead of data-url for archives
* Add consistent rel="nofollow" as per wxiaoguang
* Cleanup and use global style on popups
- Fix typo 'poping' to 'popping'
- Remove most inline 'data-variation' attributes
- Initialize all popups with 'inverted tiny' variation
* misc tweaks
* rename to .tooltip, use jQuery
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
There are multiple places where Gitea does not properly escape URLs that it is building and there are multiple places where it builds urls when there is already a simpler function available to use this.
This is an extensive PR attempting to fix these issues.
1. The first commit in this PR looks through all href, src and links in the Gitea codebase and has attempted to catch all the places where there is potentially incomplete escaping.
2. Whilst doing this we will prefer to use functions that create URLs over recreating them by hand.
3. All uses of strings should be directly escaped - even if they are not currently expected to contain escaping characters. The main benefit to doing this will be that we can consider relaxing the constraints on user names and reponames in future.
4. The next commit looks at escaping in the wiki and re-considers the urls that are used there. Using the improved escaping here wiki files containing '/'. (This implementation will currently still place all of the wiki files the root directory of the repo but this would not be difficult to change.)
5. The title generation in feeds is now properly escaped.
6. EscapePound is no longer needed - urls should be PathEscaped / QueryEscaped as necessary but then re-escaped with Escape when creating html with locales Signed-off-by: Andrew Thornton <art27@cantab.net>
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add compare tag dropdown to releases page
* Change defaults to be more intuitive and remove unneeded option
* Fix to select branch on releases page
Co-authored-by: Jonathan Tran <jon@allspice.io>
Co-authored-by: Kyle D <kdumontnu@gmail.com>
Prevent 404 on new pull request button on forked fork owned by the owner
of the root repository. Also ensure that the names make sense.
Signed-off-by: Andrew Thornton <art27@cantab.net>
The four clone button templates are pretty much identical except the one
in a non-empty repo had a few features which the others lacked.
Consolidate them in a single shared template which also makes the JS
that remembers protocol work on them all.
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Add class to page content to unify top margin
Previously pages would individually set this margin but some didn't so
content would stick to the header without any space. Resolve this by
adding a new class that is added on all pages. The only place where we
remove this margin again is on the pages with menu or wrapper in the
header.
* fix admin notices
* fix team pages
* fix loading segment on gitgraph for arc-green
* fix last missing case
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Markdown and Repo header tweaks
- Use CSS vars for all markdown colors
- Tweak repo header, removing double borders and adjust sizes
- Use menu instead of buttons for issue open/close switcher
- Add emoji inversion for select emoji glyphs in arc-green
- Use border over box-shadow for all buttons
- Add spacing element to login form without openid
* repo settings navbar fix
* use shared template in more places and adjust dashboard
* fix remaining open/close combos
* Dropdowns and Labels fixes
- Rework dropdown, menu and label styles
- Improve issue sidebar milestone and label sections
- Fix archived repo and private org badge
- Move more colors to CSS vars
- Move issue number to end of title on issue page
* more dropdown fixes
* fix basic blue labels - fixes#13731
* improve class setting on svg
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Indentation-related rules are disabled because indent templates with
tabs but our lint rules expect spaces.
Also had to exclude a few files where using template variables in the JS
is causing syntax errors for the JS parser. I don't think there's a way
to solve this otherwise.
Co-authored-by: Lauris BH <lauris@nix.lv>
* Prevent clone protocol button flash on page load
Previously, the saved active buttons would flash on page load because if
delay involved in JS execution. Prevent these flashes bydisabling
transitions on page load and run the script right after. It's not an
ideal solution (which would require server-side storage of user
settings like this) but I'd say better than before.
* add defer
Co-authored-by: zeripath <art27@cantab.net>
* Make archival asynchronous
The prime benefit being sought here is for large archives to not
clog up the rendering process and cause unsightly proxy timeouts.
As a secondary benefit, archive-in-progress is moved out of the
way into a /tmp file so that new archival requests for the same
commit will not get fulfilled based on an archive that isn't yet
finished.
This asynchronous system is fairly primitive; request comes in, we'll
spawn off a new goroutine to handle it, then we'll mark it as done.
Status requests will see if the file exists in the final location,
and report the archival as done when it exists.
Fixes#11265
* Archive links: drop initial delay to three-quarters of a second
Some, or perhaps even most, archives will not take all that long to archive.
The archive process starts as soon as the download button is initially
clicked, so in theory they could be done quite quickly. Drop the initial
delay down to three-quarters of a second to make it more responsive in the
common case of the archive being quickly created.
* archiver: restructure a little bit to facilitate testing
This introduces two sync.Cond pointers to the archiver package. If they're
non-nil when we go to process a request, we'll wait until signalled (at all)
to proceed. The tests will then create the sync.Cond so that it can signal
at-will and sanity-check the state of the queue at different phases.
The author believes that nil-checking these two sync.Cond pointers on every
archive processing will introduce minimal overhead with no impact on
maintainability.
* gofmt nit: no space around binary + operator
* services: archiver: appease golangci-lint, lock queueMutex
Locking/unlocking the queueMutex is allowed, but not required, for
Cond.Signal() and Cond.Broadcast(). The magic at play here is just a little
too much for golangci-lint, as we take the address of queueMutex and this is
mostly used in archiver.go; the variable still gets flagged as unused.
* archiver: tests: fix several timing nits
Once we've signaled a cond var, it may take some small amount of time for
the goroutines released to hit the spot we're wanting them to be at. Give
them an appropriate amount of time.
* archiver: tests: no underscore in var name, ungh
* archiver: tests: Test* is run in a separate context than TestMain
We must setup the mutex/cond variables at the beginning of any test that's
going to use it, or else these will be nil when the test is actually ran.
* archiver: tests: hopefully final tweak
Things got shuffled around such that we carefully build up and release
requests from the queue, so we can validate the state of the queue at each
step. Fix some assertions that no longer hold true as fallout.
* repo: Download: restore some semblance of previous behavior
When archival was made async, the GET endpoint was only useful if a previous
POST had initiated the download. This commit restores the previous behavior,
to an extent; we'll now submit the archive request there and return a
"202 Accepted" to indicate that it's processing if we didn't manage to
complete the request within ~2 seconds of submission.
This lets a client directly GET the archive, and gives them some indication
that they may attempt to GET it again at a later time.
* archiver: tests: simplify a bit further
We don't need to risk failure and use time.ParseDuration to get 2 *
time.Second.
else if isn't really necessary if the conditions are simple enough and lead
to the same result.
* archiver: tests: resolve potential source of flakiness
Increase all timeouts to 10 seconds; these aren't hard-coded sleeps, so
there's no guarantee we'll actually take that long. If we need longer to
not have a false-positive, then so be it.
While here, various assert.{Not,}Equal arguments are flipped around so that
the wording in error output reflects reality, where the expected argument is
second and actual third.
* archiver: setup infrastructure for notifying consumers of completion
This API will *not* allow consumers to subscribe to specific requests being
completed, just *any* request being completed. The caller is responsible for
determining if their request is satisfied and waiting again if needed.
* repo: archive: make GET endpoint synchronous again
If the request isn't complete, this endpoint will now submit the request and
wait for completion using the new API. This may still be susceptible to
timeouts for larger repos, but other endpoints now exist that the web
interface will use to negotiate its way through larger archive processes.
* archiver: tests: amend test to include WaitForCompletion()
This is a trivial one, so go ahead and include it.
* archiver: tests: fix test by calling NewContext()
The mutex is otherwise uninitialized, so we need to ensure that we're
actually initializing it if we plan to test it.
* archiver: tests: integrate new WaitForCompletion a little better
We can use this to wait for archives to come in, rather than spinning and
hoping with a timeout.
* archiver: tests: combine numQueued declaration with next-instruction assignment
* routers: repo: reap unused archiving flag from DownloadStatus()
This had some planned usage before, indicating whether this request
initiated the archival process or not. After several rounds of refactoring,
this use was deemed not necessary for much of anything and got boiled down
to !complete in all cases.
* services: archiver: restructure to use a channel
We now offer two forms of waiting for a request:
- WaitForCompletion: wait for completion with no timeout
- TimedWaitForCompletion: wait for completion with timeout
In both cases, we wait for the given request's cchan to close; in the latter
case, we do so with the caller-provided timeout. This completely removes the
need for busy-wait loops in Download/InitiateDownload, as it's fairly clean
to wait on a channel with timeout.
* services: archiver: use defer to unlock now that we can
This previously carried the lock into the goroutine, but an intermediate
step just added the request to archiveInProgress outside of the new
goroutine and removed the need for the goroutine to start out with it.
* Revert "archiver: tests: combine numQueued declaration with next-instruction assignment"
This reverts commit bcc5214023.
Revert "archiver: tests: integrate new WaitForCompletion a little better"
This reverts commit 9fc8bedb56.
Revert "archiver: tests: fix test by calling NewContext()"
This reverts commit 709c35685e.
Revert "archiver: tests: amend test to include WaitForCompletion()"
This reverts commit 75261f56bc.
* archiver: tests: first attempt at WaitForCompletion() tests
* archiver: tests: slight improvement, less busy-loop
Just wait for the requests to complete in order, instead of busy-waiting
with a timeout. This is slightly less fragile.
While here, reverse the arguments of a nearby assert.Equal() so that
expected/actual are correct in any test output.
* archiver: address lint nits
* services: archiver: only close the channel once
* services: archiver: use a struct{} for the wait channel
This makes it obvious that the channel is only being used as a signal,
rather than anything useful being piped through it.
* archiver: tests: fix expectations
Move the close of the channel into doArchive() itself; notably, before these
goroutines move on to waiting on the Release cond.
The tests are adjusted to reflect that we can't WaitForCompletion() after
they've already completed, as WaitForCompletion() doesn't indicate that
they've been released from the queue yet.
* archiver: tests: set cchan to nil for comparison
* archiver: move ctx.Error's back into the route handlers
We shouldn't be setting this in a service, we should just be validating the
request that we were handed.
* services: archiver: use regex to match a hash
This makes sure we don't try and use refName as a hash when it's clearly not
one, e.g. heads/pull/foo.
* routers: repo: remove the weird /archive/status endpoint
We don't need to do this anymore, we can just continue POSTing to the
archive/* endpoint until we're told the download's complete. This avoids a
potential naming conflict, where a ref could start with "status/"
* archiver: tests: bump reasonable timeout to 15s
* archiver: tests: actually release timedReq
* archiver: tests: run through inFlight instead of manually checking
While we're here, add a test for manually re-processing an archive that's
already been complete. Re-open the channel and mark it incomplete, so that
doArchive can just mark it complete again.
* initArchiveLinks: prevent default behavior from clicking
* archiver: alias gitea's context, golang context import pending
* archiver: simplify logic, just reconstruct slices
While the previous logic was perhaps slightly more efficient, the
new variant's readability is much improved.
* archiver: don't block shutdown on waiting for archive
The technique established launches a goroutine to do the wait,
which will close a wait channel upon termination. For the timeout
case, we also send back a value indicating whether the timeout was
hit or not.
The timeouts are expected to be relatively small, but still a multi-
second delay to shutdown due to this could be unfortunate.
* archiver: simplify shutdown logic
We can just grab the shutdown channel from the graceful manager instead of
constructing a channel to halt the caller and/or pass a result back.
* Style issues
* Fix mis-merge
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
* Make copy/paste work for source code
Fix regression casued by #12047 so copy/paste works properly in all browsers.
Fixes#12184
Also while looking at this I saw a small display issue for blame view. I think #12023 was merged into original PR through an update branch before #12047 was merged and made one of the css ruules not apply anymore.
* use pseudo-element to prevent copying of comment + symbol even when not visually selected
* remove added newline here should not be necessary anymore
* make sure empty line is newline so there is something to select and copy
* routers: make /compare route available to unauthenticated users
Remove some bits of the compare interface if the user isn't signed in.
Notably, they don't need to see the "New Pull Request" button box nor the
hidden form that would fail to submit due to the POST request continuing to
require proper privileges.
Follow-up commits will improve the UI a bit around this, removing some
"Pull Request" verbiage in favor of "Compare."
* ui: home: show "compare" button for unauthenticated users
This change requires pulling in the BaseRepo unconditionally and
recording if the pull request is in-fact not allowed
(.PullRequestCtx.Allowed). If the user isn't allowed to create a pull
request, either because this isn't a fork or same-fork branch PRs aren't
allowed, then we'll name the button "Compare" instead of "Pull Request."
* ui: branch list: use the new Compare language when available
When viewing the branch listing as an unauthenticated user, you'll get
"Pull Request" buttons. use the new "Compare" verbiage instead, which
matches GitHub behavior when you can't issue a pull request from the
branches.
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
Now that emojify.js has been removed, get rid of all instances of has-emoji class that was only used for that. Support for rendering shortcodes should remain in all of these places so it should still work the same.
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lauris BH <lauris@nix.lv>
* Remove all CommitStatus when a repo is deleted
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Minor UI tweaks (#5782)
Added 'No License' option
Added link and octicon change for external issue trackers
Reset password now notifies right away if the code is invalid
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* More UI tweaks
More info in PR
* Generate stylesheet for arc-green
* Make gofmt work
* Change PR integration since the button is changed
* Rebase
* Generate stylesheet
* UI updates
Made the PR button a "basic" button
Vertically centered the issue checkboxes
Labels will update only once after modal is closed
* Commit to reference related issues
Resolves#5782Resolves#5861
Addresses original question in #5993
* Change the comment wording since PR button is no longer little and green.
* Revert changes that made Windows work
* Regenerate stylesheet
* Regenerate stylesheets
* make generate-stylesheets
* Update integration again, changed button style
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Added ID to PR button
Changed integration to use the ID to avoid breaking in the future
* Added missing semi-colons
* Added back distinction between issue actions and filters (overlooked it before)
Moved action button over next to other action dropdowns
* Remove extra tab formatting in list.tmpl
* Remove more formatting from GoLand
* Replace hardcoded "No License" with i18n license helper.
* UI: Repo header tweaks
- Use basic buttons on the header buttons, matching gogs
- Make 'Manage topic' text smaller, remove margin-left with no topics
present
- Move various inline styles to CSS
- Use flexbox on header title and buttons
* fix indentation
* reverse media query wrapping
* fix inconsisten whitespace
* Revert #5877
This unfortunately was not the solution.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Change permission check to create pull requests to CanReadIssuesOrPulls
Signed-off-by: Andrew Thornton <art27@cantab.net>
* don't allow pull requests to be created on an archived repository
Also disable the "PR" button if the repo is archived
* Refuse creating an issue/PR via API calls too
* Fix layout of the topic edit.
- made right-hand column wider so that it has enough space for "Done" button.
- fixed issue that jQuery's .show() breaks functionality of the Semantic UI Grid.
* Improve switching visibility of the topic edit
Changes to support old browsers that doesn't support 'flex' keyword.
- Removed style "display: none" from index.css so that
the grid can be displayed without specifying new "display" style.
- Added style "display:none" to the grid element in HTML template
as the initial style.
- In index.js, visibility of the grid element is changed by
set "display:none" style to the element or removing it from the element.
The feature to list commits from a subdirectory is already there but
so far the history link to it was missing. There is a History button
in the view_file.tmpl already so avoid showing two history buttons in
that case.
The GitHub webinterface has the same History button in the same place
so this makes gitea a little bit more compatible.
Signed-off-by: Bernhard Froehlich <decke@bluelife.at>
* add topic models and unit tests
* fix comments
* fix comment
* add the UI to show or add topics for a repo
* show topics on repositories list
* fix test
* don't show manage topics link when no permission
* use green basic as topic label
* fix topic label color
* remove trace content
* remove debug function
The choice regarding which forms should or should not trigger a warning
is subjective. I tried to be consistent and not warn about forms that:
- run an action, rather than edit data: search, send an email.
- delete data: a warning about losing data would be confusing
Note that forms on sign-in pages were already ignored (using a selector,
rather than an explicit class on the form element).
Fixes#3698.
* Viewport meta tag
* responsive: dashboard
* responsive: issues page
* responsive: Explore page
* responsive: navbar, and some navbar css refactoring
* responsive: button for collapsing navbar in mobile view
* Mark the hamburger button as active when pressed
* better homepage for responsive views
* Bring back jump class in navbar
The class was necessary, because this way the
dropdown doesn't assume the contents of the
selected item.
* make repository homes responsive
* Make file view page responsive
* Make forms look good on responsive views
* make commits and commit diff view responsive
* issues and PRs
* responsive wiki
* Don't place auto-init far off the page
* Minor changes to amend broken stuff
minor improvements
- make login/sign up in navbar stackable
- make navbar in explore and sign in not stackable
Change selected class in TestPullCompare
Fix typo that happened when rebasing
fix dashboard on org view
improve profile UI
Use clearing on file diff to fix broken UI caused by floating elements
remove unresolved merge conflict, and | Sanitize
Fix repo home not loading
* Make URL scheme unambiguous
Redirect old routes to new routes
* Fix redirects to new URL scheme, and update template
* Fix branches/_new endpoints, and update integration test
* Add configuration flag SSH_EXPOSE_ANONYMOUS
If this flag (default True) is set to false, the SSH clone URL will only be exposed if the current user is signed in.
* Default SSH exposure set to false
To match GitHub and for security reasons, SSH URL exposure is disabled by default.
In addition to that. minor code changes have been applied.
Signed-off-by: Stefan Kalscheuer <stefan@stklcode.de>
* Add integration tests
* Hide clone button neither HTTP and SSH is enabled
Signed-off-by: Stefan Kalscheuer <stefan@stklcode.de>
* Make compare button URL aware if current repo is a fork (#2162)
* Optimize code
* To not change current behaviour check if signed in user has fork of base repository
* Fix to check only if signed user has forked repo otherwise it will still redirect to wrong page
This commit improves templates readability, since all of them use consistent
indent with all template command blocks indented too.
1. Indents both HTML containers such as <div>, <p> and Go HTML template blocks
such as {{if}} {{with}}
2. Cleans all trailing white-space
3. Adds trailing last line-break to each file
Just use secondary menu instead custom ".head.meta", which simplifies code.
Also do not display repo URL action when we are in subdirectory or viewing a
file.