diff --git a/Makefile b/Makefile
index 5ab8655c2fc3e..cedc4b4198369 100644
--- a/Makefile
+++ b/Makefile
@@ -31,7 +31,7 @@ GOFUMPT_PACKAGE ?= mvdan.cc/gofumpt@v0.6.0
 GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/cmd/golangci-lint@v1.56.1
 GXZ_PACKAGE ?= github.com/ulikunitz/xz/cmd/gxz@v0.5.11
 MISSPELL_PACKAGE ?= github.com/golangci/misspell/cmd/misspell@v0.4.1
-SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@v0.30.5
+SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@db51e79a0e37c572d8b59ae0c58bf2bbbbe53285
 XGO_PACKAGE ?= src.techknowlogick.com/xgo@latest
 GO_LICENSES_PACKAGE ?= github.com/google/go-licenses@v1.6.0
 GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v1.0.3
diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini
index 17d6cd3a35e02..b4b4f3a8a2bea 100644
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -2608,7 +2608,7 @@ LEVEL = Info
 ;ENDLESS_TASK_TIMEOUT = 3h
 ;; Timeout to cancel the jobs which have waiting status, but haven't been picked by a runner for a long time
 ;ABANDONED_JOB_TIMEOUT = 24h
-;; Strings committers can place inside a commit message to skip executing the corresponding actions workflow
+;; Strings committers can place inside a commit message or PR title to skip executing the corresponding actions workflow
 ;SKIP_WORKFLOW_STRINGS = [skip ci],[ci skip],[no ci],[skip actions],[actions skip]
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
diff --git a/docs/content/administration/config-cheat-sheet.en-us.md b/docs/content/administration/config-cheat-sheet.en-us.md
index 43ec470ad0ecb..04923acdcb9ab 100644
--- a/docs/content/administration/config-cheat-sheet.en-us.md
+++ b/docs/content/administration/config-cheat-sheet.en-us.md
@@ -1406,7 +1406,7 @@ PROXY_HOSTS = *.github.com
 - `ZOMBIE_TASK_TIMEOUT`: **10m**: Timeout to stop the task which have running status, but haven't been updated for a long time
 - `ENDLESS_TASK_TIMEOUT`: **3h**: Timeout to stop the tasks which have running status and continuous updates, but don't end for a long time
 - `ABANDONED_JOB_TIMEOUT`: **24h**: Timeout to cancel the jobs which have waiting status, but haven't been picked by a runner for a long time
-- `SKIP_WORKFLOW_STRINGS`: **[skip ci],[ci skip],[no ci],[skip actions],[actions skip]**: Strings committers can place inside a commit message to skip executing the corresponding actions workflow
+- `SKIP_WORKFLOW_STRINGS`: **[skip ci],[ci skip],[no ci],[skip actions],[actions skip]**: Strings committers can place inside a commit message or PR title to skip executing the corresponding actions workflow
 `DEFAULT_ACTIONS_URL` indicates where the Gitea Actions runners should find the actions with relative path.
 For example, `uses: actions/checkout@v4` means `https://github.com/actions/checkout@v4` since the value of `DEFAULT_ACTIONS_URL` is `github`.
diff --git a/modules/markup/csv/csv.go b/modules/markup/csv/csv.go
index 12458e954ade9..570c4f47041da 100644
--- a/modules/markup/csv/csv.go
+++ b/modules/markup/csv/csv.go
@@ -77,29 +77,62 @@ func writeField(w io.Writer, element, class, field string) error { } // Render implements markup.Renderer -func (Renderer) Render(ctx *markup.RenderContext, input io.Reader, output io.Writer) error { +func (r Renderer) Render(ctx *markup.RenderContext, input io.Reader, output io.Writer) error { tmpBlock := bufio.NewWriter(output) + maxSize := setting.UI.CSV.MaxFileSize - // FIXME: don't read all to memory - rawBytes, err := io.ReadAll(input) + if maxSize == 0 { + return r.tableRender(ctx, input, tmpBlock) + } + + rawBytes, err := io.ReadAll(io.LimitReader(input, maxSize+1)) if err != nil { return err } - if setting.UI.CSV.MaxFileSize != 0 && setting.UI.CSV.MaxFileSize < int64(len(rawBytes)) { - if _, err := tmpBlock.WriteString("
"); err != nil {
-			return err
-		}
-		if _, err := tmpBlock.WriteString(html.EscapeString(string(rawBytes))); err != nil {
-			return err
+	if int64(len(rawBytes)) <= maxSize {
+		return r.tableRender(ctx, bytes.NewReader(rawBytes), tmpBlock)
+	}
+	return r.fallbackRender(io.MultiReader(bytes.NewReader(rawBytes), input), tmpBlock)
+}
+
+func (Renderer) fallbackRender(input io.Reader, tmpBlock *bufio.Writer) error {
+	_, err := tmpBlock.WriteString("
")
+	if err != nil {
+		return err
+	}
+
+	scan := bufio.NewScanner(input)
+	scan.Split(bufio.ScanRunes)
+	for scan.Scan() {
+		switch scan.Text() {
+		case `&`:
+			_, err = tmpBlock.WriteString("&")
+		case `'`:
+			_, err = tmpBlock.WriteString("'") // "'" is shorter than "'" and apos was not in HTML until HTML5.
+		case `<`:
+			_, err = tmpBlock.WriteString("<")
+		case `>`:
+			_, err = tmpBlock.WriteString(">")
+		case `"`:
+			_, err = tmpBlock.WriteString(""") // """ is shorter than """.
+		default:
+			_, err = tmpBlock.Write(scan.Bytes())
 		}
-		if _, err := tmpBlock.WriteString("
"); err != nil { + if err != nil { return err } - return tmpBlock.Flush() } - rd, err := csv.CreateReaderAndDetermineDelimiter(ctx, bytes.NewReader(rawBytes)) + _, err = tmpBlock.WriteString("
") + if err != nil { + return err + } + return tmpBlock.Flush() +} + +func (Renderer) tableRender(ctx *markup.RenderContext, input io.Reader, tmpBlock *bufio.Writer) error { + rd, err := csv.CreateReaderAndDetermineDelimiter(ctx, input) if err != nil { return err } diff --git a/modules/markup/csv/csv_test.go b/modules/markup/csv/csv_test.go index 8c07184b21eeb..3d12be477c745 100644 --- a/modules/markup/csv/csv_test.go +++ b/modules/markup/csv/csv_test.go @@ -4,6 +4,8 @@ package markup import ( + "bufio" + "bytes" "strings" "testing" @@ -29,4 +31,12 @@ func TestRenderCSV(t *testing.T) { assert.NoError(t, err) assert.EqualValues(t, v, buf.String()) } + + t.Run("fallbackRender", func(t *testing.T) { + var buf bytes.Buffer + err := render.fallbackRender(strings.NewReader("1,\n2,"), bufio.NewWriter(&buf)) + assert.NoError(t, err) + want := "
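Review bot: fallbackRender never checks `scan.Err()` after the `for scan.Scan()` loop, so a read error on `input` ends the loop the same way EOF does, and the function writes the closing string, flushes and returns nil with truncated output. Adding `if err := scan.Err(); err != nil { return err }` right after the loop would surface it. In Render, `maxSize+1` wraps negative when the limit is configured as the largest int64, which makes the LimitReader return nothing and hands an empty reader to tableRender; comparing before adding avoids that. fallbackRender sits fully inside the hunk, while tableRender's body continues past it.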
1,<a>\n2,<b>
"
+ assert.Equal(t, want, buf.String())
+ })
 }
diff --git a/modules/setting/setting.go b/modules/setting/setting.go
index 6e7ce7e67fd3e..13821da44d676 100644
--- a/modules/setting/setting.go
+++ b/modules/setting/setting.go
@@ -13,6 +13,7 @@ import (
 "code.gitea.io/gitea/modules/log"
 "code.gitea.io/gitea/modules/user"
+ "code.gitea.io/gitea/modules/util"
 )
 // settings
@@ -158,9 +159,11 @@ func loadCommonSettingsFrom(cfg ConfigProvider) error {
 func loadRunModeFrom(rootCfg ConfigProvider) {
 rootSec := rootCfg.Section("")
 RunUser = rootSec.Key("RUN_USER").MustString(user.CurrentUsername())
+
 // The following is a purposefully undocumented option. Please do not run Gitea as root. It will only cause future headaches.
 // Please don't use root as a bandaid to "fix" something that is broken, instead the broken thing should instead be fixed properly.
 unsafeAllowRunAsRoot := ConfigSectionKeyBool(rootSec, "I_AM_BEING_UNSAFE_RUNNING_AS_ROOT")
+ unsafeAllowRunAsRoot = unsafeAllowRunAsRoot || util.OptionalBoolParse(os.Getenv("GITEA_I_AM_BEING_UNSAFE_RUNNING_AS_ROOT")).Value()
 RunMode = os.Getenv("GITEA_RUN_MODE")
 if RunMode == "" {
 RunMode = rootSec.Key("RUN_MODE").MustString("prod")
diff --git a/modules/structs/user.go b/modules/structs/user.go
index c43558be5d2bf..21ecc1479e2b5 100644
--- a/modules/structs/user.go
+++ b/modules/structs/user.go
@@ -132,10 +132,3 @@ type UserBadgeOption struct {
 // example: ["badge1","badge2"]
 BadgeSlugs []string `json:"badge_slugs" binding:"Required"`
 }
-
-// BadgeList
-// swagger:response BadgeList
-type BadgeList struct {
- // in:body
- Body []Badge `json:"body"`
-}
diff --git a/modules/util/util.go b/modules/util/util.go
index 5c751581965cb..c94fb910471c7 100644
--- a/modules/util/util.go
+++ b/modules/util/util.go
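Review bot: The added `GITEA_I_AM_BEING_UNSAFE_RUNNING_AS_ROOT` line in loadRunModeFrom lets the process environment alone switch off the run-as-root guard, and nothing in the hunk records which source enabled it. An operator auditing app.ini will not see the override, so a comment above the line such as `// may also be enabled through the GITEA_I_AM_BEING_UNSAFE_RUNNING_AS_ROOT environment variable; either source is sufficient` would help, as would a warning log at the point where the flag is consumed. A value that does not parse as a boolean presumably yields false through `OptionalBoolParse(...).Value()`; that helper is not shown here, so it is worth confirming. The rest of loadRunModeFrom lies outside the hunk.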
@@ -212,3 +212,12 @@ func ToFloat64(number any) (float64, error) {
 func ToPointer[T any](val T) *T {
 return &val
 }
+
+// IfZero returns "def" if "v" is a zero value, otherwise "v"
+func IfZero[T comparable](v, def T) T {
+ var zero T
+ if v == zero {
+ return def
+ }
+ return v
+}
diff --git a/routers/api/v1/swagger/options.go b/routers/api/v1/swagger/options.go
index e03862d7b9aa6..471e7d9c4e3f6 100644
--- a/routers/api/v1/swagger/options.go
+++ b/routers/api/v1/swagger/options.go
@@ -193,7 +193,4 @@ type swaggerParameterBodies struct {
 // in:body
 UserBadgeOption api.UserBadgeOption
-
- // in:body
- UserBadgeList api.BadgeList
 }
diff --git a/routers/api/v1/swagger/user.go b/routers/api/v1/swagger/user.go
index fb6d185ee7de3..e2ad511d2b966 100644
--- a/routers/api/v1/swagger/user.go
+++ b/routers/api/v1/swagger/user.go
@@ -48,3 +48,10 @@ type swaggerResponseUserSettings struct {
 // in:body
 Body []api.UserSettings `json:"body"`
 }
+
+// BadgeList
+// swagger:response BadgeList
+type swaggerResponseBadgeList struct {
+ // in:body
+ Body []api.Badge `json:"body"`
+}
diff --git a/routers/web/repo/setting/webhook.go b/routers/web/repo/setting/webhook.go
index c8e621fac8cd5..1a3549fea4110 100644
--- a/routers/web/repo/setting/webhook.go
+++ b/routers/web/repo/setting/webhook.go
@@ -588,6 +588,7 @@ func checkWebhook(ctx *context.Context) (*ownerRepoCtx, *webhook.Webhook) {
 return nil, nil
 }
 ctx.Data["BaseLink"] = orCtx.Link
+ ctx.Data["BaseLinkNew"] = orCtx.LinkNew
 var w *webhook.Webhook
 if orCtx.RepoID > 0 {
diff --git a/services/actions/notifier_helper.go b/services/actions/notifier_helper.go
index d84191dca2b17..fafb6ab40efed 100644
--- a/services/actions/notifier_helper.go
+++ b/services/actions/notifier_helper.go
@@ -157,7 +157,7 @@ func notify(ctx context.Context, input *notifyInput) error {
 return fmt.Errorf("gitRepo.GetCommit: %w", err)
 }
- if skipWorkflowsForCommit(input, commit) {
+ if skipWorkflows(input, commit) {
 return nil
 }
@@ -223,8 +223,8 @@ func notify(ctx context.Context, input *notifyInput) error {
 return handleWorkflows(ctx, detectedWorkflows, commit, input, ref)
 }
-func skipWorkflowsForCommit(input *notifyInput, commit *git.Commit) bool {
- // skip workflow runs with a configured skip-ci string in commit message if the event is push or pull_request(_sync)
+func skipWorkflows(input *notifyInput, commit *git.Commit) bool {
+ // skip workflow runs with a configured skip-ci string in commit message or pr title if the event is push or pull_request(_sync)
 // https://docs.github.com/en/actions/managing-workflow-runs/skipping-workflow-runs
 skipWorkflowEvents := []webhook_module.HookEventType{
 webhook_module.HookEventPush,
@@ -233,6 +233,10 @@ func skipWorkflowsForCommit(input *notifyInput, commit *git.Commit) bool {
 }
 if slices.Contains(skipWorkflowEvents, input.Event) {
 for _, s := range setting.Actions.SkipWorkflowStrings {
+ if input.PullRequest != nil && strings.Contains(input.PullRequest.Issue.Title, s) {
+ log.Debug("repo %s: skipped run for pr %v because of %s string", input.Repo.RepoPath(), input.PullRequest.Issue.ID, s)
+ return true
+ }
 if strings.Contains(commit.CommitMessage, s) {
 log.Debug("repo %s with commit %s: skipped run because of %s string", input.Repo.RepoPath(), commit.ID, s)
 return true
diff --git a/services/convert/pull_review.go b/services/convert/pull_review.go
index aa7ad68a47856..29a5ab7466b13 100644
--- a/services/convert/pull_review.go
+++ b/services/convert/pull_review.go
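Review bot: The added check in skipWorkflows guards `input.PullRequest` against nil but then reads `input.PullRequest.Issue.Title` and `.Issue.ID` without checking `Issue`, so it panics in the notifier if a caller arrives before the pull request's issue is loaded; nothing in the hunk shows that load. Either extend the guard to `input.PullRequest != nil && input.PullRequest.Issue != nil && strings.Contains(...)` or load the issue before the loop. The title is set by the PR author and, unlike a commit message, keeps matching on every later synchronize event, so one skip string suppresses runs for the life of the PR. If branch protection treats an absent run as acceptable, that belongs in the function comment and in the `SKIP_WORKFLOW_STRINGS` documentation. The function body continues past the end of the hunk.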
@@ -66,7 +66,7 @@ func ToPullReviewList(ctx context.Context, rl []*issues_model.Review, doer *user
 result := make([]*api.PullReview, 0, len(rl))
 for i := range rl {
 // show pending reviews only for the user who created them
- if rl[i].Type == issues_model.ReviewTypePending && !(doer.IsAdmin || doer.ID == rl[i].ReviewerID) {
+ if rl[i].Type == issues_model.ReviewTypePending && (doer == nil || (!doer.IsAdmin && doer.ID != rl[i].ReviewerID)) {
 continue
 }
 r, err := ToPullReview(ctx, rl[i], doer)
diff --git a/services/convert/pull_review_test.go b/services/convert/pull_review_test.go
new file mode 100644
index 0000000000000..68869502802b1
--- /dev/null
+++ b/services/convert/pull_review_test.go
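Review bot: With the new `doer == nil` branch an anonymous caller no longer panics on pending reviews, but every non-pending review still reaches `ToPullReview(ctx, rl[i], doer)` with a nil `doer`. ToPullReview is not part of this hunk, so whether it dereferences `doer` cannot be checked from here. The accompanying test in pull_review_test.go only feeds a pending review, so its "Anonymous User" case never exercises that call; a sub-test passing a non-pending review with `nil` would cover it. The loop body continues outside the hunk.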
@@ -0,0 +1,52 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package convert
+
+import (
+ "testing"
+
+ "code.gitea.io/gitea/models/db"
+ issues_model "code.gitea.io/gitea/models/issues"
+ "code.gitea.io/gitea/models/unittest"
+ user_model "code.gitea.io/gitea/models/user"
+
+ "github.com/stretchr/testify/assert"
+)
+
+func Test_ToPullReview(t *testing.T) {
+ assert.NoError(t, unittest.PrepareTestDatabase())
+
+ reviewer := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+ review := unittest.AssertExistsAndLoadBean(t, &issues_model.Review{ID: 6})
+ assert.EqualValues(t, reviewer.ID, review.ReviewerID)
+ assert.EqualValues(t, issues_model.ReviewTypePending, review.Type)
+
+ reviewList := []*issues_model.Review{review}
+
+ t.Run("Anonymous User", func(t *testing.T) {
+ prList, err := ToPullReviewList(db.DefaultContext, reviewList, nil)
+ assert.NoError(t, err)
+ assert.Empty(t, prList)
+ })
+
+ t.Run("Reviewer Himself", func(t *testing.T) {
+ prList, err := ToPullReviewList(db.DefaultContext, reviewList, reviewer)
+ assert.NoError(t, err)
+ assert.Len(t, prList, 1)
+ })
+
+ t.Run("Other User", func(t *testing.T) {
+ user4 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 4})
+ prList, err := ToPullReviewList(db.DefaultContext, reviewList, user4)
+ assert.NoError(t, err)
+ assert.Len(t, prList, 0)
+ })
+
+ t.Run("Admin User", func(t *testing.T) {
+ adminUser := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
+ prList, err := ToPullReviewList(db.DefaultContext, reviewList, adminUser)
+ assert.NoError(t, err)
+ assert.Len(t, prList, 1)
+ })
+}
diff --git a/services/webhook/deliver_test.go b/services/webhook/deliver_test.go
index 24924ab214e0b..85de1f99047e7 100644
--- a/services/webhook/deliver_test.go
+++ b/services/webhook/deliver_test.go
@@ -18,6 +18,7 @@ import (
 webhook_model "code.gitea.io/gitea/models/webhook"
 "code.gitea.io/gitea/modules/hostmatcher"
 "code.gitea.io/gitea/modules/setting"
+ "code.gitea.io/gitea/modules/util"
 webhook_module "code.gitea.io/gitea/modules/webhook"
 "github.com/stretchr/testify/assert"
@@ -226,49 +227,29 @@ func TestWebhookDeliverSpecificTypes(t *testing.T) {
 assert.NoError(t, unittest.PrepareTestDatabase())
 type hookCase struct {
- gotBody chan []byte
+ gotBody chan []byte
+ httpMethod string // default to POST
 }
- cases := map[string]hookCase{
- webhook_module.SLACK: {
- gotBody: make(chan []byte, 1),
- },
- webhook_module.DISCORD: {
- gotBody: make(chan []byte, 1),
- },
- webhook_module.DINGTALK: {
- gotBody: make(chan []byte, 1),
- },
- webhook_module.TELEGRAM: {
- gotBody: make(chan []byte, 1),
- },
- webhook_module.MSTEAMS: {
- gotBody: make(chan []byte, 1),
- },
- webhook_module.FEISHU: {
- gotBody: make(chan []byte, 1),
- },
- webhook_module.MATRIX: {
- gotBody: make(chan []byte, 1),
- },
- webhook_module.WECHATWORK: {
- gotBody: make(chan []byte, 1),
- },
- webhook_module.PACKAGIST: {
- gotBody: make(chan []byte, 1),
- },
+ cases := map[string]*hookCase{
+ webhook_module.SLACK: {},
+ webhook_module.DISCORD: {},
+ webhook_module.DINGTALK: {},
+ webhook_module.TELEGRAM: {},
+ webhook_module.MSTEAMS: {},
+ webhook_module.FEISHU: {},
+ webhook_module.MATRIX: {httpMethod: "PUT"},
+ webhook_module.WECHATWORK: {},
+ webhook_module.PACKAGIST: {},
 }
 s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ typ := strings.Split(r.URL.Path, "/")[1] // URL: "/{webhook_type}/other-path"
 assert.Equal(t, "application/json", r.Header.Get("Content-Type"), r.URL.Path)
-
- typ := strings.Split(r.URL.Path, "/")[1] // take first segment (after skipping leading slash)
- hc := cases[typ]
- require.NotNil(t, hc.gotBody, r.URL.Path)
- body, err := io.ReadAll(r.Body)
- assert.NoError(t, err)
- w.WriteHeader(200)
- hc.gotBody <- body
+ assert.Equal(t, util.IfZero(cases[typ].httpMethod, "POST"), r.Method, "webhook test request %q", r.URL.Path)
+ body, _ := io.ReadAll(r.Body) // read request and send it back to the test by testcase's chan
+ cases[typ].gotBody <- body
+ w.WriteHeader(http.StatusNoContent)
 }))
 t.Cleanup(s.Close)
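Review bot: The handler indexes `cases[typ]` without checking the lookup, so a request whose first path segment is not a key yields a nil `*hookCase`, and `cases[typ].httpMethod` then panics inside the httptest server goroutine. A guard such as `hc := cases[typ]; if hc == nil { t.Errorf("unexpected webhook type %q", typ); w.WriteHeader(http.StatusNotFound); return }` keeps the failure readable and attributes it to the test. `body, _ := io.ReadAll(r.Body)` also drops the read error that the removed lines asserted on, so a truncated request body would be compared as if it were complete.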
@@ -276,19 +257,17 @@ func TestWebhookDeliverSpecificTypes(t *testing.T) {
 data, err := p.JSONPayload()
 assert.NoError(t, err)
- for typ, hc := range cases {
- typ := typ
- hc := hc
+ for typ := range cases {
+ cases[typ].gotBody = make(chan []byte, 1)
+ typ := typ // TODO: remove this workaround when Go >= 1.22
 t.Run(typ, func(t *testing.T) {
 t.Parallel()
 hook := &webhook_model.Webhook{
- RepoID: 3,
- IsActive: true,
- Type: typ,
- URL: s.URL + "/" + typ,
- HTTPMethod: "POST",
- ContentType: 0, // set to 0 so that falling back to default request fails with "invalid content type"
- Meta: "{}",
+ RepoID: 3,
+ IsActive: true,
+ Type: typ,
+ URL: s.URL + "/" + typ,
+ Meta: "{}",
 }
 assert.NoError(t, webhook_model.CreateWebhook(db.DefaultContext, hook))
@@ -304,10 +283,11 @@ func TestWebhookDeliverSpecificTypes(t *testing.T) {
 assert.NotNil(t, hookTask)
 assert.NoError(t, Deliver(context.Background(), hookTask))
+
 select {
- case gotBody := <-hc.gotBody:
+ case gotBody := <-cases[typ].gotBody:
 assert.NotEqual(t, string(data), string(gotBody), "request body must be different from the event payload")
- assert.Equal(t, hookTask.RequestInfo.Body, string(gotBody), "request body was not saved")
+ assert.Equal(t, hookTask.RequestInfo.Body, string(gotBody), "delivered webhook payload doesn't match saved request")
 case <-time.After(5 * time.Second):
 t.Fatal("waited to long for request to happen")
 }
diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl
index 221b34b7f8138..f835df084dd22 100644
--- a/templates/swagger/v1_json.tmpl
+++ b/templates/swagger/v1_json.tmpl
@@ -17413,21 +17413,6 @@ }, "x-go-package": "code.gitea.io/gitea/modules/structs" }, - "BadgeList": { - "description": "BadgeList", - "type": "object", - "properties": { - "body": { - "description": "in:body", - "type": "array", - "items": { - "$ref": "#/definitions/Badge" - }, - "x-go-name": "Body" - } - }, - "x-go-package": "code.gitea.io/gitea/modules/structs" - }, "Branch": { "description": "Branch represents a repository branch", "type": "object", @@ -24722,7 +24707,7 @@ "parameterBodies": { "description": "parameterBodies", "schema": { - "$ref": "#/definitions/BadgeList" + "$ref": "#/definitions/UserBadgeOption" } }, "redirect": { diff --git a/templates/user/dashboard/milestones.tmpl b/templates/user/dashboard/milestones.tmpl index 7cde02291be70..fd684fcabf581 100644 --- a/templates/user/dashboard/milestones.tmpl +++ b/templates/user/dashboard/milestones.tmpl @@ -62,8 +62,8 @@ {{svg "octicon-triangle-down" 14 "dropdown icon"}}