Merge remote-tracking branch 'upstream/main'

* upstream/main:
  Add support for commit cross references (go-gitea#22645)
  Fix missing message in git hook when pull requests disabled on fork (go-gitea#22625)
  Check quota limits for container uploads (go-gitea#22450)
  Consume hcaptcha and pwn deps (go-gitea#22610)
  Issues: add Project filter to issues list and search (go-gitea#22544)
  Improve accessibility of navigation bar and footer (go-gitea#22635)
  Support system hook API (go-gitea#14537)
  Improve checkIfPRContentChanged (go-gitea#22611)

build/generate-go-licenses.go

@@ -9,6 +9,7 @@ import (
 	"encoding/json"
 	"io/fs"
 	"os"
+	goPath "path"
 	"path/filepath"
 	"regexp"
 	"sort"
@@ -47,13 +48,15 @@ func main() {
 
 	entries := []LicenseEntry{}
 	for _, path := range paths {
+		path := filepath.ToSlash(path)
+
 		licenseText, err := os.ReadFile(path)
 		if err != nil {
 			panic(err)
 		}
 
-		path := strings.Replace(path, base+string(os.PathSeparator), "", 1)
-		name := filepath.Dir(path)
+		path = strings.Replace(path, base+"/", "", 1)
+		name := goPath.Dir(path)
 
 		// There might be a bug somewhere in go-licenses that sometimes interprets the
 		// root package as "." and sometimes as "code.gitea.io/gitea". Workaround by

go.mod

@@ -96,8 +96,6 @@ require (
 	github.com/yuin/goldmark v1.5.3
 	github.com/yuin/goldmark-highlighting/v2 v2.0.0-20220924101305-151362477c87
 	github.com/yuin/goldmark-meta v1.1.0
-	go.jolheiser.com/hcaptcha v0.0.4
-	go.jolheiser.com/pwn v0.0.3
 	golang.org/x/crypto v0.4.0
 	golang.org/x/net v0.4.0
 	golang.org/x/oauth2 v0.3.0

go.sum

@@ -1267,10 +1267,6 @@ go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ=
 go.etcd.io/bbolt v1.3.6 h1:/ecaJf0sk1l4l6V4awd65v2C3ILy7MSj+s/x1ADCIMU=
 go.etcd.io/bbolt v1.3.6/go.mod h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4=
 go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg=
-go.jolheiser.com/hcaptcha v0.0.4 h1:RrDERcr/Tz/kWyJenjVtI+V09RtLinXxlAemiwN5F+I=
-go.jolheiser.com/hcaptcha v0.0.4/go.mod h1:aw32WQOxnQZ6E06C0LypCf+sxNxPACyOnq+ZGnrIYho=
-go.jolheiser.com/pwn v0.0.3 h1:MQowb3QvCL5r5NmHmCPxw93SdjfgJ0q6rAwYn4i1Hjg=
-go.jolheiser.com/pwn v0.0.3/go.mod h1:/j5Dl8ftNqqJ8Dlx3YTrJV1wIR2lWOTyrNU3Qe7rk6I=
 go.mongodb.org/mongo-driver v1.7.3/go.mod h1:NqaYOwnXWr5Pm7AOpO5QFxKJ503nbMse/R79oO62zWg=
 go.mongodb.org/mongo-driver v1.7.5/go.mod h1:VXEWRZ6URJIkUq2SCAyapmhH0ZLRBP+FT4xhp5Zvxng=
 go.mongodb.org/mongo-driver v1.8.3/go.mod h1:0sQWfOeY63QTntERDJJ/0SuKK0T1uVSgKCuAROlKEPY=

models/issues/issue.go

@@ -1572,6 +1572,7 @@ type IssueStatsOptions struct {
 	RepoID            int64
 	Labels            string
 	MilestoneID       int64
+	ProjectID         int64
 	AssigneeID        int64
 	MentionedID       int64
 	PosterID          int64
@@ -1650,6 +1651,11 @@ func getIssueStatsChunk(opts *IssueStatsOptions, issueIDs []int64) (*IssueStats,
 			sess.And("issue.milestone_id = ?", opts.MilestoneID)
 		}
 
+		if opts.ProjectID > 0 {
+			sess.Join("INNER", "project_issue", "issue.id = project_issue.issue_id").
+				And("project_issue.project_id=?", opts.ProjectID)
+		}
+
 		if opts.AssigneeID > 0 {
 			applyAssigneeCondition(sess, opts.AssigneeID)
 		}

models/webhook/webhook.go

@@ -463,41 +463,6 @@ func CountWebhooksByOpts(opts *ListWebhookOptions) (int64, error) {
 	return db.GetEngine(db.DefaultContext).Where(opts.toCond()).Count(&Webhook{})
 }
 
-// GetDefaultWebhooks returns all admin-default webhooks.
-func GetDefaultWebhooks(ctx context.Context) ([]*Webhook, error) {
-	webhooks := make([]*Webhook, 0, 5)
-	return webhooks, db.GetEngine(ctx).
-		Where("repo_id=? AND org_id=? AND is_system_webhook=?", 0, 0, false).
-		Find(&webhooks)
-}
-
-// GetSystemOrDefaultWebhook returns admin system or default webhook by given ID.
-func GetSystemOrDefaultWebhook(id int64) (*Webhook, error) {
-	webhook := &Webhook{ID: id}
-	has, err := db.GetEngine(db.DefaultContext).
-		Where("repo_id=? AND org_id=?", 0, 0).
-		Get(webhook)
-	if err != nil {
-		return nil, err
-	} else if !has {
-		return nil, ErrWebhookNotExist{ID: id}
-	}
-	return webhook, nil
-}
-
-// GetSystemWebhooks returns all admin system webhooks.
-func GetSystemWebhooks(ctx context.Context, isActive util.OptionalBool) ([]*Webhook, error) {
-	webhooks := make([]*Webhook, 0, 5)
-	if isActive.IsNone() {
-		return webhooks, db.GetEngine(ctx).
-			Where("repo_id=? AND org_id=? AND is_system_webhook=?", 0, 0, true).
-			Find(&webhooks)
-	}
-	return webhooks, db.GetEngine(ctx).
-		Where("repo_id=? AND org_id=? AND is_system_webhook=? AND is_active = ?", 0, 0, true, isActive.IsTrue()).
-		Find(&webhooks)
-}
-
 // UpdateWebhook updates information of webhook.
 func UpdateWebhook(w *Webhook) error {
 	_, err := db.GetEngine(db.DefaultContext).ID(w.ID).AllCols().Update(w)
@@ -545,44 +510,3 @@ func DeleteWebhookByOrgID(orgID, id int64) error {
 		OrgID: orgID,
 	})
 }
-
-// DeleteDefaultSystemWebhook deletes an admin-configured default or system webhook (where Org and Repo ID both 0)
-func DeleteDefaultSystemWebhook(id int64) error {
-	ctx, committer, err := db.TxContext(db.DefaultContext)
-	if err != nil {
-		return err
-	}
-	defer committer.Close()
-
-	count, err := db.GetEngine(ctx).
-		Where("repo_id=? AND org_id=?", 0, 0).
-		Delete(&Webhook{ID: id})
-	if err != nil {
-		return err
-	} else if count == 0 {
-		return ErrWebhookNotExist{ID: id}
-	}
-
-	if _, err := db.DeleteByBean(ctx, &HookTask{HookID: id}); err != nil {
-		return err
-	}
-
-	return committer.Commit()
-}
-
-// CopyDefaultWebhooksToRepo creates copies of the default webhooks in a new repo
-func CopyDefaultWebhooksToRepo(ctx context.Context, repoID int64) error {
-	ws, err := GetDefaultWebhooks(ctx)
-	if err != nil {
-		return fmt.Errorf("GetDefaultWebhooks: %w", err)
-	}
-
-	for _, w := range ws {
-		w.ID = 0
-		w.RepoID = repoID
-		if err := CreateWebhook(ctx, w); err != nil {
-			return fmt.Errorf("CreateWebhook: %w", err)
-		}
-	}
-	return nil
-}

models/webhook/webhook_system.go

@@ -0,0 +1,81 @@
+// Copyright 2021 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package webhook
+
+import (
+	"context"
+	"fmt"
+
+	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/modules/util"
+)
+
+// GetDefaultWebhooks returns all admin-default webhooks.
+func GetDefaultWebhooks(ctx context.Context) ([]*Webhook, error) {
+	webhooks := make([]*Webhook, 0, 5)
+	return webhooks, db.GetEngine(ctx).
+		Where("repo_id=? AND org_id=? AND is_system_webhook=?", 0, 0, false).
+		Find(&webhooks)
+}
+
+// GetSystemOrDefaultWebhook returns admin system or default webhook by given ID.
+func GetSystemOrDefaultWebhook(ctx context.Context, id int64) (*Webhook, error) {
+	webhook := &Webhook{ID: id}
+	has, err := db.GetEngine(ctx).
+		Where("repo_id=? AND org_id=?", 0, 0).
+		Get(webhook)
+	if err != nil {
+		return nil, err
+	} else if !has {
+		return nil, ErrWebhookNotExist{ID: id}
+	}
+	return webhook, nil
+}
+
+// GetSystemWebhooks returns all admin system webhooks.
+func GetSystemWebhooks(ctx context.Context, isActive util.OptionalBool) ([]*Webhook, error) {
+	webhooks := make([]*Webhook, 0, 5)
+	if isActive.IsNone() {
+		return webhooks, db.GetEngine(ctx).
+			Where("repo_id=? AND org_id=? AND is_system_webhook=?", 0, 0, true).
+			Find(&webhooks)
+	}
+	return webhooks, db.GetEngine(ctx).
+		Where("repo_id=? AND org_id=? AND is_system_webhook=? AND is_active = ?", 0, 0, true, isActive.IsTrue()).
+		Find(&webhooks)
+}
+
+// DeleteDefaultSystemWebhook deletes an admin-configured default or system webhook (where Org and Repo ID both 0)
+func DeleteDefaultSystemWebhook(ctx context.Context, id int64) error {
+	return db.WithTx(ctx, func(ctx context.Context) error {
+		count, err := db.GetEngine(ctx).
+			Where("repo_id=? AND org_id=?", 0, 0).
+			Delete(&Webhook{ID: id})
+		if err != nil {
+			return err
+		} else if count == 0 {
+			return ErrWebhookNotExist{ID: id}
+		}
+
+		_, err = db.DeleteByBean(ctx, &HookTask{HookID: id})
+		return err
+	})
+}
+
+// CopyDefaultWebhooksToRepo creates copies of the default webhooks in a new repo
+func CopyDefaultWebhooksToRepo(ctx context.Context, repoID int64) error {
+	ws, err := GetDefaultWebhooks(ctx)
+	if err != nil {
+		return fmt.Errorf("GetDefaultWebhooks: %v", err)
+	}
+
+	for _, w := range ws {
+		w.ID = 0
+		w.RepoID = repoID
+		if err := CreateWebhook(ctx, w); err != nil {
+			return fmt.Errorf("CreateWebhook: %v", err)
+		}
+	}
+	return nil
+}

modules/hcaptcha/error.go

@@ -0,0 +1,47 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package hcaptcha
+
+const (
+	ErrMissingInputSecret           ErrorCode = "missing-input-secret"
+	ErrInvalidInputSecret           ErrorCode = "invalid-input-secret"
+	ErrMissingInputResponse         ErrorCode = "missing-input-response"
+	ErrInvalidInputResponse         ErrorCode = "invalid-input-response"
+	ErrBadRequest                   ErrorCode = "bad-request"
+	ErrInvalidOrAlreadySeenResponse ErrorCode = "invalid-or-already-seen-response"
+	ErrNotUsingDummyPasscode        ErrorCode = "not-using-dummy-passcode"
+	ErrSitekeySecretMismatch        ErrorCode = "sitekey-secret-mismatch"
+)
+
+// ErrorCode is any possible error from hCaptcha
+type ErrorCode string
+
+// String fulfills the Stringer interface
+func (err ErrorCode) String() string {
+	switch err {
+	case ErrMissingInputSecret:
+		return "Your secret key is missing."
+	case ErrInvalidInputSecret:
+		return "Your secret key is invalid or malformed."
+	case ErrMissingInputResponse:
+		return "The response parameter (verification token) is missing."
+	case ErrInvalidInputResponse:
+		return "The response parameter (verification token) is invalid or malformed."
+	case ErrBadRequest:
+		return "The request is invalid or malformed."
+	case ErrInvalidOrAlreadySeenResponse:
+		return "The response parameter has already been checked, or has another issue."
+	case ErrNotUsingDummyPasscode:
+		return "You have used a testing sitekey but have not used its matching secret."
+	case ErrSitekeySecretMismatch:
+		return "The sitekey is not registered with the provided secret."
+	default:
+		return ""
+	}
+}
+
+// Error fulfills the error interface
+func (err ErrorCode) Error() string {
+	return err.String()
+}