ce25881c88
refactor(db): move some methods off `user.go` ( #7199 )
2022-10-22 20:01:38 +08:00
c502dc6ed8
refactor(db): move some methods from `user.go` to `users.go` ( #7195 )
2022-10-22 14:41:40 +08:00
318fb25761
web: enable `ETag` to improve loading speed of static resources ( #7035 )
...
Co-authored-by: shlande <shlandeme@icloud.com>
2022-06-09 09:48:03 +08:00
04d3946511
web: print accessible URL on startup ( #6979 )
2022-05-29 19:45:40 +08:00
cb35b73048
attachment: set CSP header in the serving endpoint ( #6926 )
2022-05-03 17:51:28 +08:00
32c454ba5f
assets: convert usage of go-bindata to Go embed ( #6851 )
...
Co-authored-by: Joe Chen <jc@unknwon.io>
2022-03-17 14:05:09 +08:00
e452d94fc8
autofix: format code with gofumpt and gofmt ( #6803 )
...
Co-authored-by: deepsource-autofix[bot] <62050782+deepsource-autofix[bot]@users.noreply.github.com>
2022-03-06 17:55:17 +08:00
8f6757cc7b
web: correctly handle go-get pages for repository roots ( #6598 )
...
Fixes regression in go-get handling introduced in #6318 .
2021-08-26 13:12:51 +08:00
594a2dc41f
web: correctly serving go-get pages for subdirs ( #6318 )
...
* web: correctly serving go-get page for subdirs
* Update CHANGELOG
* Fix golint error
2020-09-09 20:14:48 +08:00
e79aebb3e1
route: bypass require signin check for trigger repo tasks ( #6079 )
...
* route: bypass require signin check for trigger repo tasks
* CHANGELOG
* Fix lint errors
2020-04-08 20:55:15 +08:00
07818d5fa5
route: no session for routes without UI ( #6066 )
...
Not all routes need session, register session and CSRF middleware as global is a waste of resource, and creating a lot one-time off yet never used session records.
2020-04-05 06:36:08 +08:00
53b91ef306
lfs: run e2e and fix minor issues ( #6059 )
2020-04-05 00:14:22 +08:00
34145c990d
lfs: implement HTTP routes ( #6035 )
...
* Bootstrap with GORM
* Fix lint error
* Set conn max lifetime to one minute
* Fallback to use gorm v1
* Define HTTP routes
* Finish authentication
* Save token updated
* Add docstring
* Finish authorization
* serveBatch rundown
* Define types in lfsutil
* Finish Batch
* authutil
* Finish basic
* Formalize response error
* Fix lint errors
* authutil: add tests
* dbutil: add tests
* lfsutil: add tests
* strutil: add tests
* Formalize 401 response
2020-04-04 21:14:15 +08:00
af0cfe112b
web: rename CSRF header ( #6027 )
2020-03-28 19:17:15 +08:00
14cd16f1f8
csrf: set cookie HttpOnly and Secure ( #6013 )
2020-03-27 00:08:46 +08:00
22717a1c06
webhook: overhaul route handlers ( #6002 )
...
* Overual route handlers and fixes #5366
* Merge routes for repo and org
* Inject OrgRepoContext
* DRY validateWebhook
* DRY c.HasError
* Add tests
* Update CHANGELOG
2020-03-22 22:07:22 +08:00
958d8b6bb4
admin: use POST to run operations ( #5997 )
...
* admin: use POST to run operations
Fixed CSRF reported by Wenxu Wu of Tencent's Xuanwu Lab.
* Update CHANGELOG
2020-03-21 11:47:42 +08:00
a43fc9ad17
ipynb: sanitize rendered HTML ( #5996 )
...
* ipynb: sanitize rendered HTML
Fixes #5170
* Remove hardcode URL
* Add tests
2020-03-21 00:12:38 +08:00
9e9ca66467
refactor: unify error handling in routing layer
2020-03-16 01:22:27 +08:00
17ae0ed3ee
conf: overhaul settings ( #5953 )
...
* Overhaul cache settings
* Overhaul HTTP settings
* conf: overhaul more settings
* log: make LGTM happy
* travis: upload report to Codecov
* Add codecov.yml
2020-02-29 16:29:17 +08:00
d59b0f6ff7
conf: overhaul sessions settings ( #5952 )
2020-02-29 00:26:03 +08:00
7950f2d17d
conf: overhaul auth and user settings ( #5942 )
...
* conf: overhaul auth and user settings
* ci: update travis Go versions
2020-02-27 18:06:38 +08:00
0d6c405ccb
cmd/web: fix wrong ExternalURL when specify port via CLI flag
...
Fixes #5936 .
2020-02-24 21:21:48 +08:00
0c064b1b79
cmd/web: fix error when Unix socket not exists
2020-02-24 21:13:56 +08:00
286fbc07e9
conf: overhaul security settings
2020-02-22 20:46:16 +08:00
d3ecd22dba
cmd: fix unable to find correct custom config
2020-02-22 19:12:31 +08:00
648d9e253c
conf: overhaul server settings ( #5928 )
...
* conf: rename package
* Requires Go 1.12
* Fix lint
* Fix lint
* Overhaul
* db: fix tests
* Save my work
* Fix tests
* Server.UnixSocketPermission
* Server.LocalRootURL
* SSH settings
* Server.OfflineMode
* Save my work
* App.Version
* Remove [server] STATIC_ROOT_PATH
* Server.LandingURL
2020-02-22 09:05:26 +08:00
1c09373b4f
log: migrate to unknwon.dev/clog/v2 ( #5927 )
...
* Add unknwon.dev/clog/v2
* Update all places
2020-02-20 02:25:02 +08:00
4d83fd4238
Use go-bindata to embed `public` and `templates` files into binary ( #5920 )
...
* fixed private repositories are hidden in the organization's view
* use go-bindata integrate public and templates files to gogs binary
* optimize Dockerfile don't COPY public and templates files
* use kevinburke's go-bindata to generate assets code
* reset develepment as default run mode in configure file
* optimize generated assets code relayout and help function
* fixed code format
* Update conf/app.ini
* assets: add LICENSE headers
* Some housekeeping
* assets/public: simplify code logic
* assets/templates: simplify code logic
* cmd/web: more concise variable names
* Minor changes
* Add custom public and templates support back
Co-authored-by: ᴜɴᴋɴᴡᴏɴ <u@gogs.io>
2020-02-17 22:48:24 +08:00
dbc66d0405
tls: update default CurvePreferences and CipherSuites ( #5850 )
...
* Enable X25519 curve and reorder curve list to improve key exchange performance
* Enable ECDSA ciphers for EC certs
* Enable CHACHA20_POLY1305 ciphers
* Disable RSA key exchange algorithm which don't provide PFS
* Disable non-AEAD ciphers
Signed-off-by: Kasei Wang <kasei@kasei.im>
2019-11-05 23:09:29 -08:00
390b903c55
web: fix panic when download attachments ( #5838 )
2019-10-24 19:58:30 -07:00
01c8df01ec
internal: move packages under this directory ( #5836 )
...
* Rename pkg -> internal
* Rename routes -> route
* Move route -> internal/route
* Rename models -> db
* Move db -> internal/db
* Fix route2 -> route
* Move cmd -> internal/cmd
* Bump version
2019-10-24 01:51:46 -07:00
Joe Chen
shlande
Michael Li
deepsource-autofix[bot]
James-REANNZ
ᴜɴᴋɴᴡᴏɴ
Kasei