Commit graph

21799 commits

Author SHA1 Message Date
Gusted
d35bc0e636 Merge pull request 'feat: Add option to disable builtin authentication' (#6112) from squel/forgejo-disable-internal-signin into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6112
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
2024-12-01 19:02:05 +00:00
Otto Richter
d2bf2e7631 Improve performance of allowed org repo creation query (#6100)
See https://codeberg.org/Codeberg-Infrastructure/build-deploy-forgejo/issues/144#issuecomment-2484031.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6100
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Otto Richter <git@otto.splvs.net>
Co-committed-by: Otto Richter <git@otto.splvs.net>
2024-12-01 15:16:25 +00:00
George Tsiamasiotis
a126477e86 feat: Add option to disable builtin authentication.
Setting ENABLE_INTERNAL_SIGNIN to false will disable the built-in
signin form, should the administrator prefer to limit users to SSO.

Continuation of forgejo/forgejo#6076
2024-12-01 15:50:10 +01:00
Renovate Bot
d68c99542c Update dependency djlint to v1.36.3 (forgejo) (#6108)
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2024-12-01 08:33:38 +00:00
Renovate Bot
5472cec885 Update dependency @vitest/eslint-plugin to v1.1.12 (forgejo) (#6107)
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2024-12-01 08:33:15 +00:00
Renovate Bot
a068209f64 Update dependency happy-dom to v15.11.7 (forgejo) (#6109)
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2024-12-01 07:26:10 +00:00
Renovate Bot
57fd321f85 Update dependency @stoplight/spectral-cli to v6.14.2 (forgejo) (#6106)
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2024-12-01 07:05:04 +00:00
Earl Warren
7bc6bd3095 Merge pull request 'Fix unconditional DB queries in commit status fetches' (#6105) from mfenniak/forgejo:fix-6101 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6105
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-12-01 06:42:43 +00:00
Mathieu Fenniak
bb8c712ffa add tests for GetLatestCommitStatusForRepoCommitIDs 2024-11-30 10:56:50 -07:00
Mathieu Fenniak
73583fdea1 Fix unconditional DB queries in commit status fetches 2024-11-30 10:42:38 -07:00
Earl Warren
ebf0179d61 Merge pull request 'Update dependency mermaid to v11.4.1 (forgejo)' (#6087) from renovate/forgejo-mermaid-11.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6087
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-11-30 06:32:16 +00:00
Gusted
ececc4fda0 Merge pull request 'typos, mostly from codespell, others just by eyeballing' (#6089) from FermeLeLundi/forgejo:forgejo into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6089
Reviewed-by: Otto <otto@codeberg.org>
2024-11-29 21:59:43 +00:00
FermeLeLundi
1151ff1b26 Update modules/keying/keying.go
Remove trailing whitespace
2024-11-29 15:42:17 +00:00
Fermé le Lundi
75f703326f Merge branch 'forgejo' into forgejo 2024-11-29 15:37:59 +00:00
Mathieu Fenniak
77fafbe578 Add a "summary card" to issues & PRs for consumption by OpenGraph clients (#6053)
## Overview

Hi all, I'm a first-time contributor to Forgejo.  I was looking for something interesting to contribute and the first thing that caught my attention was https://codeberg.org/forgejo/forgejo/issues/6043, a request for an enhancement to include "issue previews" when publishing links to social media platforms.  As a bit of background, the way these platforms work is that they search for meta tags in the posted link's content, and if they find a meta `og:image` (along with other meta tags) they'll pull the image to include in the social media post.  Forgejo currently provides an `og:image` tag but it just renders the repository or repository-owner's avatar.

This PR will render `og:image` for an issue or PR into a link to `{...}/summary-card`, which is a dynamically generated image that contains a summary of the issue.

## Design Notes

### Rendering / Rasterization

The tricky part of solving this problem is rendering an image that combines some text, some images, and some layout elements.  To address this, I've created a `card` module which allows for a handful of operations:
- Create a new rendered image (a "Card")
- Add a margin to a card
- Split the card, horizontally or vertically, into two pieces with a proportional layout (eg. 70%/30%, as desired), each of which are "Cards" that render into the same root image
- Render text into a card, with line-wrapping and text-alignment capabilities
- Render an image onto a card
- Fetches an external image as safely as possible (for server-side fetch of Gravatar, etc.)

The card module can be reused to create `og:image` summary cards for any object in the future, although obviously it's capabilities are limited.  The current implementation is on issues/PRs.

I considered a few alternative approaches before taking this approach, and here's why I rejected those options:
- Provide the summary card as an SVG object which could be rendered much more easily with a template file -- however, support for SVG isn't defined as positive for OpenGraph, and a quick look through some existing implementations suggest that it is not widely supported, if at all
- Rendering as HTML/CSS, or SVG, and then using an external tool to convert into a PNG (or other static) image -- this would be much nicer and easier to implement, but would require tying in some very heavy-weight dependencies
- Rendering using a more sophisticated graphics library, eg. cairo -- also would be nicer and easier to implement, but again a heavy dependency for a small functionality

As a result of the limited capabilities of the new card module, summary cards don't have icons on them (which would require SVG rasterization) or pretty status badges with colors and rounded rects.  In the future if better drawing capabilities were added, the graphics could be improved, but it doesn't seem too important.

### External Avatars

In order to rasterize a user's avatar onto the summary card, it might have to be retrieved by the server from the external source (eg. Gravatar).  A `fetchExternalImage` routine attempts to do this in the safest way possible to protect the server from any possible security exposure from this; (a) verifying that the content-types are acceptable, (b) ensuring that the file-size and image-size are within the safe bounds that are used for custom avatars, (c) using a very-short timeout to avoid stalling the server if an external dependency is offline.

### Caching

Summary cards are cached after rendered.  This has the downside of causing updates to statuses, avatars, titles, etc. being stale on the summary card for the cache TTL.  However, during testing I found that some social media engines like Mastodon will cause the summary card to be accessed a significant number of times after being referenced by a post, causing a mini-tornado of requests.  The cache compensates for this to avoid server load in this situation.

### Scope

I'm considering out-of-scope:
- Summary cards on other objects (eg. repos, users) can be left for future implementation

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- ~~I added test coverage for JavaScript changes...~~ n/a, no JS changes
  - [x] ~~in `web_src/js/*.test.js` if it can be unit tested.~~
  - [x] ~~in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).~~
- Manual testing
  - [x] Access & attach screenshots of both an issue and a pull-request's summary card; see below
  - [x] Ensure reasonable (non-crash) behavior of rendering text with glyphs outside the font -- correctly rendered as replacement unicode chars
  - [x] Using a public test instance, verify that og:image behavior looks good on platforms like Mastodon and BlueSky
    - [x] Bluesky: 
    - [x] Mastodon:    (Note that the summary card will be requested many times as the post is federated; either each server, or each client, will fetch it itself)
    - [x] OpenGraph test site (https://www.opengraph.xyz/): 
    - [x] Discord: Looks OK ; needs "twitter:card" to be set to "summary_large_image" to display the large-scale image, but (a) that's probably annoying to use, (b) probably wrong because it doesn't match Twitter Card's spec for a "photographic image", and (c) don't want to encourage/continue use of vendor-specific tag
  - [x] Verify cases with user avatar missing (or autogen), and repo avatar missing (falls back to repo owner avatar)

Pull request summary card:
![image](/attachments/b64283e3-9a3c-4f19-9d00-961662ffe86b)

Issue summary card:
![image](/attachments/318ce589-02e0-493e-b10c-5b2cb2627db2)

(images to the right are the custom repo avatar, w/ fallback to the repo owner avatar)

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.
  - OpenGraph capabilities are expected to work in the background without user awareness, and so there is no need for documentation to explain the capabilities for users.

### Release notes

- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6053
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
2024-11-29 15:02:03 +00:00
Gusted
0c2b01dbb4 Merge pull request 'Update dependency sortablejs to v1.15.6 (forgejo)' (#6095) from renovate/forgejo-sortablejs-1.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6095
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-11-29 14:56:26 +00:00
Renovate Bot
96e3b7db10 Update dependency sortablejs to v1.15.6 2024-11-29 00:02:57 +00:00
Fermé le Lundi
ac99be3bb7 Merge branch 'forgejo' into forgejo 2024-11-28 22:53:34 +00:00
Otto
48b91fa31a Merge pull request 'Improve Swagger documentation for user endpoints' (#6050) from JakobDev/forgejo:userswagger into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6050
Reviewed-by: Otto <otto@codeberg.org>
2024-11-28 20:42:19 +00:00
Fermé le Lundi
0e22875b8b Merge branch 'forgejo' into forgejo 2024-11-28 19:35:26 +00:00
JakobDev
76fb2afc40
Run make tidy 2024-11-28 19:36:55 +01:00
Earl Warren
fe246cc060 Merge pull request 'Update dependency sortablejs to v1.15.5 (forgejo)' (#6088) from renovate/forgejo-sortablejs-1.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6088
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-11-28 18:02:58 +00:00
FermeLeLundi
8b4b209861 Update tests/e2e/shared/forms.ts
Typo
2024-11-28 10:49:23 +00:00
FermeLeLundi
af8edb4ff3 Update tests/e2e/README.md
Typo
2024-11-28 10:48:04 +00:00
FermeLeLundi
f2b7cfa7f7 Update tests/integration/repo_tag_test.go
Typo
2024-11-28 10:39:38 +00:00
FermeLeLundi
f65fba1869 Update tests/integration/codeowner_test.go
Typo
2024-11-28 10:38:06 +00:00
FermeLeLundi
9ae95d7bbb Update modules/keying/keying_test.go
Typo
2024-11-28 10:35:55 +00:00
FermeLeLundi
229cb20f68 Update modules/keying/keying.go
Typo
2024-11-28 10:34:08 +00:00
FermeLeLundi
893c2f2d90 Update modules/git/repo_commit.go
Typo
2024-11-28 10:31:28 +00:00
FermeLeLundi
0f64c5a806 Update modules/indexer/code/elasticsearch/elasticsearch.go
Typo
2024-11-28 10:29:18 +00:00
FermeLeLundi
eef6d55877 Update modules/typesniffer/typesniffer.go
Typo
2024-11-28 10:27:33 +00:00
FermeLeLundi
01e1bc0cb8 Update web_src/js/features/comp/ComboMarkdownEditor.js
Typo
2024-11-28 10:26:12 +00:00
FermeLeLundi
99de40b73e Update routers/web/repo/issue.go
Typo
2024-11-28 10:23:45 +00:00
FermeLeLundi
f0de20e747 Update models/git/commit_status_test.go
Typos
2024-11-28 10:15:54 +00:00
FermeLeLundi
decb673f28 Update services/repository/branch.go
Typo
2024-11-28 10:13:56 +00:00
FermeLeLundi
76d011c4b2 Update services/context/csrf.go
Typo
2024-11-28 10:12:46 +00:00
FermeLeLundi
3b47409532 Update Makefile
Typo
2024-11-28 10:11:36 +00:00
Codeberg Translate
df00b0e345 i18n: update of translations from Codeberg Translate (#6041)
Co-authored-by: 0ko <0ko@users.noreply.translate.codeberg.org>
Co-authored-by: emansije <emansije@users.noreply.translate.codeberg.org>
Co-authored-by: Kita Ikuyo <searinminecraft@courvix.com>
Co-authored-by: Edgarsons <Edgarsons@users.noreply.translate.codeberg.org>
Co-authored-by: SomeTr <SomeTr@users.noreply.translate.codeberg.org>
Co-authored-by: xtex <xtexchooser@duck.com>
Co-authored-by: CN-P5 <CN-P5@users.noreply.translate.codeberg.org>
Co-authored-by: WithLithum <WithLithum@users.noreply.translate.codeberg.org>
Co-authored-by: Wuzzy <wuzzy@disroot.org>
Co-authored-by: mahlzahn <mahlzahn@posteo.de>
Co-authored-by: Benedikt Straub <Nordfriese@users.noreply.translate.codeberg.org>
Co-authored-by: Benedikt Straub <benedikt-straub@web.de>
Co-authored-by: Lzebulon <Lzebulon@users.noreply.translate.codeberg.org>
Co-authored-by: Zughy <Zughy@users.noreply.translate.codeberg.org>
Co-authored-by: EssGeeEich <EssGeeEich@users.noreply.translate.codeberg.org>
Co-authored-by: Baempaieo <Baempaieo@users.noreply.translate.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-authored-by: Fjuro <fjuro@alius.cz>
Co-authored-by: antaanimosity <antaanimosity@users.noreply.translate.codeberg.org>
Co-authored-by: Atul_Eterno <Atul_Eterno@users.noreply.translate.codeberg.org>
Co-authored-by: earl-warren <earl-warren@users.noreply.translate.codeberg.org>
Co-authored-by: Outbreak2096 <Outbreak2096@users.noreply.translate.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6041
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Codeberg Translate <translate@noreply.codeberg.org>
Co-committed-by: Codeberg Translate <translate@noreply.codeberg.org>
2024-11-28 08:41:35 +00:00
Renovate Bot
4009e6a85b Update dependency sortablejs to v1.15.5 2024-11-28 00:03:23 +00:00
Renovate Bot
7ffa8c4c2e Update dependency mermaid to v11.4.1 2024-11-28 00:03:01 +00:00
Earl Warren
22d08c62f1 Merge pull request 'feat: migrate TOTP secrets to keying' (#6074) from gusted/forgejo-totp-keying into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6074
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-11-27 18:31:35 +00:00
Earl Warren
1b796fd2d9 Merge pull request 'Fix wiki search overflowing on wide screens (#6047)' (#6063) from spiffyk/forgejo:wiki-search-too-wide into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6063
Reviewed-by: Shiny Nematoda <snematoda@noreply.codeberg.org>
2024-11-27 18:28:27 +00:00
Earl Warren
bd2593a771 Merge pull request 'fix: normalize guessed languages from enry' (#6084) from gusted/forgejo-f#-or-fsharp into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6084
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-11-27 18:24:29 +00:00
Gusted
7aeb1ba1d5
fix: normalize guessed languages from enry
- In the case that Enry correctly recognized the language, but returns
the language name in a way that isn't recognized by enry. Although
overkill I've added a map such that new entries should be easier to add.
- Resolves #6077
- Added unit test
2024-11-27 17:57:02 +01:00
Baltazár Radics
0734596eaa Use user.FullName in Oauth2 id_token response (#6071)
Cherry-pick of [gitea#32542](https://github.com/go-gitea/gitea/pull/32542).

This makes /login/oauth/authorize behave the same way as the /login/oauth/userinfo endpoint. Previously, `name` property of the returned OIDCToken used to depend on the UI.DefaultShowFullName setting (I don't think this is desired behavior). Even worse, the `userinfo` endpoint can return basically the same data, but the `name` value there always returned `FullName`, even if it's empty (no fallback to `Name`).

A few notes:

I'm not sure what branch to target with this PR, please correct me if I'm chose the wrong one.

The deleted lines in the tests are duplicates, there's a copy of the whole thing just below, the only difference being the `Name` field (used to test the dependency on the UI.DefaultShowFullName setting)

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [ ] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] I do not want this change to show in the release notes.
- [ ] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6071
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Baltazár Radics <baltazar.radics@gmail.com>
Co-committed-by: Baltazár Radics <baltazar.radics@gmail.com>
2024-11-27 07:48:32 +00:00
0ko
6b9168c1e8 Merge pull request 'feat: improve wording of limited visibility' (#6083) from gusted/limited-visibility into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6083
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
2024-11-27 05:57:43 +00:00
Gusted
c1b1280182
feat: improve wording of limited visibility
- "Authenticated users" might suggest that there are special types of
users when it merely means users that are signed in.
- Resolves Codeberg/Documentation#427
2024-11-27 04:31:16 +01:00
Gusted
f795dd9bfb Merge pull request 'Update dependency chartjs-plugin-zoom to v2.2.0 (forgejo)' (#6082) from renovate/forgejo-chartjs-plugin-zoom-2.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6082
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-11-27 00:32:34 +00:00
Renovate Bot
6bb87ee6d7 Update dependency chartjs-plugin-zoom to v2.2.0 2024-11-27 00:03:02 +00:00
Gusted
a8c61532d2
feat: migrate TOTP secrets to keying
- Currently the TOTP secrets are stored using the `secrets` module with
as key the MD5 hash of the Secretkey, the `secrets` module uses general
bad practices. This patch migrates the secrets to use the `keying`
module (#5041) which is easier to use and use better practices to store
secrets in databases.
- Migration test added.
- Remove the Forgejo migration databases, and let the gitea migration
databases also run forgejo migration databases. This is required as the
Forgejo migration is now also touching tables that the forgejo migration
didn't create itself.
2024-11-27 00:34:16 +01:00