2014-03-15 04:01:50 -07:00
// Copyright 2014 The Gogs Authors. All rights reserved.
2020-01-09 14:34:25 -07:00
// Copyright 2020 The Gitea Authors. All rights reserved.
2022-11-27 11:20:29 -07:00
// SPDX-License-Identifier: MIT
2014-03-15 04:01:50 -07:00
2016-03-11 09:56:52 -07:00
package context
2014-03-15 04:01:50 -07:00
import (
2021-01-26 08:36:53 -07:00
"context"
"encoding/hex"
2022-02-06 12:28:25 -07:00
"errors"
2022-04-07 11:59:56 -07:00
"fmt"
2016-11-29 14:49:06 -07:00
"html"
2014-03-22 10:44:02 -07:00
"html/template"
2014-04-15 09:27:29 -07:00
"io"
2022-02-06 12:28:25 -07:00
"net"
2014-03-15 04:01:50 -07:00
"net/http"
2018-03-15 14:13:34 -07:00
"net/url"
2017-06-25 18:06:40 -07:00
"path"
2021-01-26 08:36:53 -07:00
"strconv"
2014-03-22 13:40:09 -07:00
"strings"
2014-03-19 06:57:55 -07:00
"time"
2014-03-15 04:01:50 -07:00
2022-04-07 11:59:56 -07:00
"code.gitea.io/gitea/models/db"
2021-11-09 12:57:58 -07:00
"code.gitea.io/gitea/models/unit"
2021-11-24 02:49:20 -07:00
user_model "code.gitea.io/gitea/models/user"
2016-11-10 09:24:48 -07:00
"code.gitea.io/gitea/modules/base"
2021-01-27 07:56:54 -07:00
mc "code.gitea.io/gitea/modules/cache"
2022-01-19 16:26:57 -07:00
"code.gitea.io/gitea/modules/git"
2022-07-22 23:38:03 -07:00
"code.gitea.io/gitea/modules/httpcache"
2021-07-24 09:03:58 -07:00
"code.gitea.io/gitea/modules/json"
2016-11-10 09:24:48 -07:00
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
2021-01-26 08:36:53 -07:00
"code.gitea.io/gitea/modules/templates"
"code.gitea.io/gitea/modules/translation"
2022-11-17 10:55:15 -07:00
"code.gitea.io/gitea/modules/typesniffer"
2022-04-01 01:47:50 -07:00
"code.gitea.io/gitea/modules/util"
2021-01-30 01:55:53 -07:00
"code.gitea.io/gitea/modules/web/middleware"
2019-08-23 09:40:30 -07:00
2021-01-26 08:36:53 -07:00
"gitea.com/go-chi/cache"
"gitea.com/go-chi/session"
2021-10-13 19:50:23 -07:00
chi "github.com/go-chi/chi/v5"
2023-02-22 12:21:46 -07:00
"github.com/minio/sha256-simd"
2021-01-26 08:36:53 -07:00
"golang.org/x/crypto/pbkdf2"
2014-03-15 04:01:50 -07:00
)
2023-04-13 12:45:33 -07:00
const CookieNameFlash = "gitea_flash"
2021-01-26 08:36:53 -07:00
// Render represents a template render
type Render interface {
Make HTML template functions support context (#24056)
# Background
Golang template is not friendly for large projects, and Golang template
team is quite slow, related:
* `https://github.com/golang/go/issues/54450`
Without upstream support, we can also have our solution to make HTML
template functions support context.
It helps a lot, the above Golang template issue `#54450` explains a lot:
1. It makes `{{Locale.Tr}}` could be used in any template, without
passing unclear `(dict "root" . )` anymore.
2. More and more functions need `context`, like `avatar`, etc, we do not
need to do `(dict "Context" $.Context)` anymore.
3. Many request-related functions could be shared by parent&children
templates, like "user setting" / "system setting"
See the test `TestScopedTemplateSetFuncMap`, one template set, two
`Execute` calls with different `CtxFunc`.
# The Solution
Instead of waiting for upstream, this PR re-uses the escaped HTML
template trees, use `AddParseTree` to add related templates/trees to a
new template instance, then the new template instance can have its own
FuncMap , the function calls in the template trees will always use the
new template's FuncMap.
`template.New` / `template.AddParseTree` / `adding-FuncMap` are all
quite fast, so the performance is not affected.
The details:
1. Make a new `html/template/Template` for `all` templates
2. Add template code to the `all` template
3. Freeze the `all` template, reset its exec func map, it shouldn't
execute any template.
4. When a router wants to render a template by its `name`
1. Find the `name` in `all`
2. Find all its related sub templates
3. Escape all related templates (just like what the html template
package does)
4. Add the escaped parse-trees of related templates into a new (scoped)
`text/template/Template`
5. Add context-related func map into the new (scoped) text template
6. Execute the new (scoped) text template
7. To improve performance, the escaped templates are cached to `template
sets`
# FAQ
## There is a `unsafe` call, is this PR unsafe?
This PR is safe. Golang has strict language definition, it's safe to do
so: https://pkg.go.dev/unsafe#Pointer (1) Conversion of a *T1 to Pointer
to *T2
## What if Golang template supports such feature in the future?
The public structs/interfaces/functions introduced by this PR is quite
simple, the code of `HTMLRender` is not changed too much. It's very easy
to switch to the official mechanism if there would be one.
## Does this PR change the template execution behavior?
No, see the tests (welcome to design more tests if it's necessary)
---------
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Jason Song <i@wolfogre.com>
Co-authored-by: Giteabot <teabot@gitea.io>
2023-04-20 01:08:58 -07:00
TemplateLookup ( tmpl string ) ( templates . TemplateExecutor , error )
2023-04-07 23:21:50 -07:00
HTML ( w io . Writer , status int , name string , data interface { } ) error
2021-01-26 08:36:53 -07:00
}
2014-03-15 06:17:16 -07:00
// Context represents context of a request.
2014-03-15 04:01:50 -07:00
type Context struct {
2021-10-12 11:11:35 -07:00
Resp ResponseWriter
Req * http . Request
Data map [ string ] interface { } // data used by MVC templates
2021-10-14 19:35:26 -07:00
PageData map [ string ] interface { } // data used by JavaScript modules in one page, it's `window.config.pageData`
2021-10-12 11:11:35 -07:00
Render Render
2021-01-26 08:36:53 -07:00
translation . Locale
2014-07-31 14:25:34 -07:00
Cache cache . Cache
2023-04-13 12:45:33 -07:00
Csrf CSRFProtector
2021-01-30 01:55:53 -07:00
Flash * middleware . Flash
2014-07-25 21:24:27 -07:00
Session session . Store
2017-06-25 18:06:40 -07:00
Link string // current request URL
2017-11-28 02:43:51 -07:00
EscapedLink string
2022-03-22 00:03:22 -07:00
Doer * user_model . User
2014-11-18 09:07:16 -07:00
IsSigned bool
IsBasicAuth bool
2014-03-15 09:03:23 -07:00
2022-03-26 02:04:22 -07:00
ContextUser * user_model . User
Repo * Repository
Org * Organization
2022-03-30 01:42:47 -07:00
Package * Package
2014-03-15 04:01:50 -07:00
}
2022-05-05 07:13:23 -07:00
// Close frees all resources hold by Context
func ( ctx * Context ) Close ( ) error {
var err error
if ctx . Req != nil && ctx . Req . MultipartForm != nil {
err = ctx . Req . MultipartForm . RemoveAll ( ) // remove the temp files buffered to tmp directory
}
// TODO: close opened repo, and more
return err
}
2021-11-16 11:18:25 -07:00
// TrHTMLEscapeArgs runs Tr but pre-escapes all arguments with html.EscapeString.
// This is useful if the locale message is intended to only produce HTML content.
func ( ctx * Context ) TrHTMLEscapeArgs ( msg string , args ... string ) string {
trArgs := make ( [ ] interface { } , len ( args ) )
for i , arg := range args {
trArgs [ i ] = html . EscapeString ( arg )
}
return ctx . Tr ( msg , trArgs ... )
}
2021-01-05 06:05:40 -07:00
// GetData returns the data
func ( ctx * Context ) GetData ( ) map [ string ] interface { } {
return ctx . Data
}
2019-04-07 15:49:34 -07:00
// IsUserSiteAdmin returns true if current user is a site admin
func ( ctx * Context ) IsUserSiteAdmin ( ) bool {
2022-03-22 00:03:22 -07:00
return ctx . IsSigned && ctx . Doer . IsAdmin
2019-04-07 15:49:34 -07:00
}
// IsUserRepoOwner returns true if current user owns current repo
func ( ctx * Context ) IsUserRepoOwner ( ) bool {
return ctx . Repo . IsOwner ( )
}
// IsUserRepoAdmin returns true if current user is admin in current repo
func ( ctx * Context ) IsUserRepoAdmin ( ) bool {
return ctx . Repo . IsAdmin ( )
}
// IsUserRepoWriter returns true if current user has write privilege in current repo
2021-11-09 12:57:58 -07:00
func ( ctx * Context ) IsUserRepoWriter ( unitTypes [ ] unit . Type ) bool {
2019-04-07 15:49:34 -07:00
for _ , unitType := range unitTypes {
if ctx . Repo . CanWrite ( unitType ) {
return true
}
}
return false
}
// IsUserRepoReaderSpecific returns true if current user can read current repo's specific part
2021-11-09 12:57:58 -07:00
func ( ctx * Context ) IsUserRepoReaderSpecific ( unitType unit . Type ) bool {
2019-04-07 15:49:34 -07:00
return ctx . Repo . CanRead ( unitType )
}
// IsUserRepoReaderAny returns true if current user can read any part of current repo
func ( ctx * Context ) IsUserRepoReaderAny ( ) bool {
return ctx . Repo . HasAccess ( )
}
2021-01-24 08:23:05 -07:00
// RedirectToUser redirect to a differently-named user
func RedirectToUser ( ctx * Context , userName string , redirectUserID int64 ) {
2022-12-02 19:48:26 -07:00
user , err := user_model . GetUserByID ( ctx , redirectUserID )
2021-01-24 08:23:05 -07:00
if err != nil {
ctx . ServerError ( "GetUserByID" , err )
return
}
redirectPath := strings . Replace (
2021-11-16 11:18:25 -07:00
ctx . Req . URL . EscapedPath ( ) ,
url . PathEscape ( userName ) ,
url . PathEscape ( user . Name ) ,
2021-01-24 08:23:05 -07:00
1 ,
)
if ctx . Req . URL . RawQuery != "" {
redirectPath += "?" + ctx . Req . URL . RawQuery
}
2022-03-22 21:54:07 -07:00
ctx . Redirect ( path . Join ( setting . AppSubURL , redirectPath ) , http . StatusTemporaryRedirect )
2021-01-24 08:23:05 -07:00
}
2016-11-24 23:51:01 -07:00
// HasAPIError returns true if error occurs in form validation.
func ( ctx * Context ) HasAPIError ( ) bool {
2014-05-05 10:08:01 -07:00
hasErr , ok := ctx . Data [ "HasError" ]
if ! ok {
return false
}
return hasErr . ( bool )
}
2016-11-24 23:51:01 -07:00
// GetErrMsg returns error message
2014-05-05 10:08:01 -07:00
func ( ctx * Context ) GetErrMsg ( ) string {
return ctx . Data [ "ErrorMsg" ] . ( string )
}
2014-03-15 07:52:14 -07:00
// HasError returns true if error occurs in form validation.
2021-12-14 23:59:57 -07:00
// Attention: this function changes ctx.Data and ctx.Flash
2014-03-15 07:52:14 -07:00
func ( ctx * Context ) HasError ( ) bool {
hasErr , ok := ctx . Data [ "HasError" ]
if ! ok {
return false
}
2014-04-13 15:12:07 -07:00
ctx . Flash . ErrorMsg = ctx . Data [ "ErrorMsg" ] . ( string )
ctx . Data [ "Flash" ] = ctx . Flash
2014-03-15 07:52:14 -07:00
return hasErr . ( bool )
}
2015-07-08 04:47:56 -07:00
// HasValue returns true if value of given name exists.
func ( ctx * Context ) HasValue ( name string ) bool {
_ , ok := ctx . Data [ name ]
return ok
}
2018-03-15 14:13:34 -07:00
// RedirectToFirst redirects to first not empty URL
func ( ctx * Context ) RedirectToFirst ( location ... string ) {
for _ , loc := range location {
if len ( loc ) == 0 {
continue
}
2022-03-23 09:12:36 -07:00
// Unfortunately browsers consider a redirect Location with preceding "//" and "/\" as meaning redirect to "http(s)://REST_OF_PATH"
// Therefore we should ignore these redirect locations to prevent open redirects
if len ( loc ) > 1 && loc [ 0 ] == '/' && ( loc [ 1 ] == '/' || loc [ 1 ] == '\\' ) {
continue
}
2018-03-15 14:13:34 -07:00
u , err := url . Parse ( loc )
2020-01-09 14:34:25 -07:00
if err != nil || ( ( u . Scheme != "" || u . Host != "" ) && ! strings . HasPrefix ( strings . ToLower ( loc ) , strings . ToLower ( setting . AppURL ) ) ) {
2018-03-15 14:13:34 -07:00
continue
}
ctx . Redirect ( loc )
return
}
ctx . Redirect ( setting . AppSubURL + "/" )
}
2023-04-13 22:19:11 -07:00
const tplStatus500 base . TplName = "status/500"
2023-03-20 13:56:48 -07:00
2021-12-14 23:59:57 -07:00
// HTML calls Context.HTML and renders the template to HTTP response
2014-07-25 21:24:27 -07:00
func ( ctx * Context ) HTML ( status int , name base . TplName ) {
2015-12-19 23:06:54 -07:00
log . Debug ( "Template: %s" , name )
2021-12-14 23:59:57 -07:00
tmplStartTime := time . Now ( )
2022-02-11 10:08:22 -07:00
if ! setting . IsProd {
ctx . Data [ "TemplateName" ] = name
}
ctx . Data [ "TemplateLoadTimes" ] = func ( ) string {
2021-12-14 23:59:57 -07:00
return strconv . FormatInt ( time . Since ( tmplStartTime ) . Nanoseconds ( ) / 1e6 , 10 ) + "ms"
2021-01-28 21:33:47 -07:00
}
2022-08-08 06:42:36 -07:00
if err := ctx . Render . HTML ( ctx . Resp , status , string ( name ) , templates . BaseVars ( ) . Merge ( ctx . Data ) ) ; err != nil {
2023-04-13 22:19:11 -07:00
if status == http . StatusInternalServerError && name == tplStatus500 {
2023-04-08 06:15:22 -07:00
ctx . PlainText ( http . StatusInternalServerError , "Unable to find HTML templates, the template system is not initialized, or Gitea can't find your template files." )
2021-02-19 21:26:57 -07:00
return
}
2023-04-13 22:19:11 -07:00
err = fmt . Errorf ( "failed to render template: %s, error: %s" , name , templates . HandleTemplateRenderingError ( err ) )
2021-01-26 08:36:53 -07:00
ctx . ServerError ( "Render failed" , err )
}
}
2021-12-14 23:59:57 -07:00
// RenderToString renders the template content to a string
func ( ctx * Context ) RenderToString ( name base . TplName , data map [ string ] interface { } ) ( string , error ) {
2021-01-26 08:36:53 -07:00
var buf strings . Builder
2022-03-22 21:54:07 -07:00
err := ctx . Render . HTML ( & buf , http . StatusOK , string ( name ) , data )
2021-01-26 08:36:53 -07:00
return buf . String ( ) , err
2014-03-20 04:50:26 -07:00
}
2014-03-15 07:52:14 -07:00
// RenderWithErr used for page has form validation but need to prompt error to users.
2014-07-25 21:24:27 -07:00
func ( ctx * Context ) RenderWithErr ( msg string , tpl base . TplName , form interface { } ) {
2014-04-03 12:50:55 -07:00
if form != nil {
2021-01-30 01:55:53 -07:00
middleware . AssignForm ( form , ctx . Data )
2014-04-03 12:50:55 -07:00
}
2014-04-10 13:36:50 -07:00
ctx . Flash . ErrorMsg = msg
ctx . Data [ "Flash" ] = ctx . Flash
2021-04-05 08:30:52 -07:00
ctx . HTML ( http . StatusOK , tpl )
2014-03-15 07:52:14 -07:00
}
2018-01-10 14:34:17 -07:00
// NotFound displays a 404 (Not Found) page and prints the given error, if any.
2021-12-14 23:59:57 -07:00
func ( ctx * Context ) NotFound ( logMsg string , logErr error ) {
ctx . notFoundInternal ( logMsg , logErr )
2019-04-09 11:10:42 -07:00
}
2021-12-14 23:59:57 -07:00
func ( ctx * Context ) notFoundInternal ( logMsg string , logErr error ) {
if logErr != nil {
2022-01-29 13:52:37 -07:00
log . Log ( 2 , log . DEBUG , "%s: %v" , logMsg , logErr )
2021-10-20 07:37:19 -07:00
if ! setting . IsProd {
2021-12-14 23:59:57 -07:00
ctx . Data [ "ErrorMsg" ] = logErr
2014-05-01 15:53:41 -07:00
}
2014-03-19 01:48:45 -07:00
}
2021-12-14 23:59:57 -07:00
// response simple message if Accept isn't text/html
showHTML := false
for _ , part := range ctx . Req . Header [ "Accept" ] {
if strings . Contains ( part , "text/html" ) {
showHTML = true
break
2021-04-01 08:11:42 -07:00
}
2021-12-14 23:59:57 -07:00
}
2021-04-01 08:11:42 -07:00
2021-12-14 23:59:57 -07:00
if ! showHTML {
2022-01-29 13:52:37 -07:00
ctx . plainTextInternal ( 3 , http . StatusNotFound , [ ] byte ( "Not found.\n" ) )
2021-12-14 23:59:57 -07:00
return
2021-04-01 08:11:42 -07:00
}
2019-02-19 16:09:47 -07:00
ctx . Data [ "IsRepo" ] = ctx . Repo . Repository != nil
2018-01-10 14:34:17 -07:00
ctx . Data [ "Title" ] = "Page Not Found"
ctx . HTML ( http . StatusNotFound , base . TplName ( "status/404" ) )
}
2021-12-14 23:59:57 -07:00
// ServerError displays a 500 (Internal Server Error) page and prints the given error, if any.
func ( ctx * Context ) ServerError ( logMsg string , logErr error ) {
ctx . serverErrorInternal ( logMsg , logErr )
2019-04-09 11:10:42 -07:00
}
2021-12-14 23:59:57 -07:00
func ( ctx * Context ) serverErrorInternal ( logMsg string , logErr error ) {
if logErr != nil {
log . ErrorWithSkip ( 2 , "%s: %v" , logMsg , logErr )
2022-03-10 13:23:15 -07:00
if _ , ok := logErr . ( * net . OpError ) ; ok || errors . Is ( logErr , & net . OpError { } ) {
2022-02-06 12:28:25 -07:00
// This is an error within the underlying connection
// and further rendering will not work so just return
return
}
2023-04-13 22:19:11 -07:00
// it's safe to show internal error to admin users, and it helps
if ! setting . IsProd || ( ctx . Doer != nil && ctx . Doer . IsAdmin ) {
2023-04-19 06:40:42 -07:00
ctx . Data [ "ErrorMsg" ] = fmt . Sprintf ( "%s, %s" , logMsg , logErr )
2018-01-10 14:34:17 -07:00
}
2014-05-01 15:53:41 -07:00
}
2018-01-10 14:34:17 -07:00
ctx . Data [ "Title" ] = "Internal Server Error"
2023-04-13 22:19:11 -07:00
ctx . HTML ( http . StatusInternalServerError , tplStatus500 )
2014-03-15 04:01:50 -07:00
}
2016-08-30 02:08:38 -07:00
// NotFoundOrServerError use error check function to determine if the error
2021-12-14 23:59:57 -07:00
// is about not found. It responds with 404 status code for not found error,
2016-08-30 02:08:38 -07:00
// or error context description for logging purpose of 500 server error.
2023-04-13 22:19:11 -07:00
func ( ctx * Context ) NotFoundOrServerError ( logMsg string , errCheck func ( error ) bool , logErr error ) {
if errCheck ( logErr ) {
ctx . notFoundInternal ( logMsg , logErr )
2016-07-25 11:48:17 -07:00
return
}
2023-04-13 22:19:11 -07:00
ctx . serverErrorInternal ( logMsg , logErr )
2021-12-14 23:59:57 -07:00
}
2016-07-25 11:48:17 -07:00
2021-12-14 23:59:57 -07:00
// PlainTextBytes renders bytes as plain text
2022-01-29 13:52:37 -07:00
func ( ctx * Context ) plainTextInternal ( skip , status int , bs [ ] byte ) {
statusPrefix := status / 100
if statusPrefix == 4 || statusPrefix == 5 {
log . Log ( skip , log . TRACE , "plainTextInternal (status=%d): %s" , status , string ( bs ) )
2021-12-14 23:59:57 -07:00
}
ctx . Resp . Header ( ) . Set ( "Content-Type" , "text/plain;charset=utf-8" )
2022-01-22 11:32:35 -07:00
ctx . Resp . Header ( ) . Set ( "X-Content-Type-Options" , "nosniff" )
2022-11-17 10:55:15 -07:00
ctx . Resp . WriteHeader ( status )
2021-12-14 23:59:57 -07:00
if _ , err := ctx . Resp . Write ( bs ) ; err != nil {
2022-01-29 13:52:37 -07:00
log . ErrorWithSkip ( skip , "plainTextInternal (status=%d): write bytes failed: %v" , status , err )
2021-12-14 23:59:57 -07:00
}
2016-07-25 11:48:17 -07:00
}
2022-01-29 13:52:37 -07:00
// PlainTextBytes renders bytes as plain text
func ( ctx * Context ) PlainTextBytes ( status int , bs [ ] byte ) {
ctx . plainTextInternal ( 2 , status , bs )
}
2021-12-14 23:59:57 -07:00
// PlainText renders content as plain text
func ( ctx * Context ) PlainText ( status int , text string ) {
2022-01-29 13:52:37 -07:00
ctx . plainTextInternal ( 2 , status , [ ] byte ( text ) )
2021-01-26 08:36:53 -07:00
}
2021-12-14 23:59:57 -07:00
// RespHeader returns the response header
func ( ctx * Context ) RespHeader ( ) http . Header {
return ctx . Resp . Header ( )
2015-03-28 07:30:05 -07:00
}
2022-11-17 10:55:15 -07:00
type ServeHeaderOptions struct {
ContentType string // defaults to "application/octet-stream"
ContentTypeCharset string
2022-11-24 07:25:13 -07:00
ContentLength * int64
2022-11-17 10:55:15 -07:00
Disposition string // defaults to "attachment"
Filename string
CacheDuration time . Duration // defaults to 5 minutes
2022-11-24 07:25:13 -07:00
LastModified time . Time
2022-11-17 10:55:15 -07:00
}
2022-03-30 01:42:47 -07:00
// SetServeHeaders sets necessary content serve headers
2022-11-17 10:55:15 -07:00
func ( ctx * Context ) SetServeHeaders ( opts * ServeHeaderOptions ) {
header := ctx . Resp . Header ( )
contentType := typesniffer . ApplicationOctetStream
if opts . ContentType != "" {
if opts . ContentTypeCharset != "" {
contentType = opts . ContentType + "; charset=" + strings . ToLower ( opts . ContentTypeCharset )
} else {
contentType = opts . ContentType
}
}
header . Set ( "Content-Type" , contentType )
header . Set ( "X-Content-Type-Options" , "nosniff" )
2022-11-24 07:25:13 -07:00
if opts . ContentLength != nil {
header . Set ( "Content-Length" , strconv . FormatInt ( * opts . ContentLength , 10 ) )
}
2022-11-17 10:55:15 -07:00
if opts . Filename != "" {
disposition := opts . Disposition
if disposition == "" {
disposition = "attachment"
}
backslashEscapedName := strings . ReplaceAll ( strings . ReplaceAll ( opts . Filename , ` \ ` , ` \\ ` ) , ` " ` , ` \" ` ) // \ -> \\, " -> \"
header . Set ( "Content-Disposition" , fmt . Sprintf ( ` %s; filename="%s"; filename*=UTF-8''%s ` , disposition , backslashEscapedName , url . PathEscape ( opts . Filename ) ) )
header . Set ( "Access-Control-Expose-Headers" , "Content-Disposition" )
}
duration := opts . CacheDuration
if duration == 0 {
duration = 5 * time . Minute
}
2023-03-08 13:40:04 -07:00
httpcache . SetCacheControlInHeader ( header , duration )
2022-11-24 07:25:13 -07:00
if ! opts . LastModified . IsZero ( ) {
header . Set ( "Last-Modified" , opts . LastModified . UTC ( ) . Format ( http . TimeFormat ) )
}
2022-03-30 01:42:47 -07:00
}
2016-11-24 23:51:01 -07:00
// ServeContent serves content to http request
2022-11-24 07:25:13 -07:00
func ( ctx * Context ) ServeContent ( r io . ReadSeeker , opts * ServeHeaderOptions ) {
ctx . SetServeHeaders ( opts )
http . ServeContent ( ctx . Resp , ctx . Req , opts . Filename , opts . LastModified , r )
2021-01-26 08:36:53 -07:00
}
2022-03-30 01:42:47 -07:00
// UploadStream returns the request body or the first form file
// Only form files need to get closed.
func ( ctx * Context ) UploadStream ( ) ( rd io . ReadCloser , needToClose bool , err error ) {
contentType := strings . ToLower ( ctx . Req . Header . Get ( "Content-Type" ) )
if strings . HasPrefix ( contentType , "application/x-www-form-urlencoded" ) || strings . HasPrefix ( contentType , "multipart/form-data" ) {
if err := ctx . Req . ParseMultipartForm ( 32 << 20 ) ; err != nil {
return nil , false , err
}
if ctx . Req . MultipartForm . File == nil {
return nil , false , http . ErrMissingFile
}
for _ , files := range ctx . Req . MultipartForm . File {
if len ( files ) > 0 {
r , err := files [ 0 ] . Open ( )
return r , true , err
}
}
return nil , false , http . ErrMissingFile
}
return ctx . Req . Body , false , nil
}
2021-01-26 08:36:53 -07:00
// Error returned an error to web browser
func ( ctx * Context ) Error ( status int , contents ... string ) {
2022-01-20 10:46:10 -07:00
v := http . StatusText ( status )
2021-01-26 08:36:53 -07:00
if len ( contents ) > 0 {
v = contents [ 0 ]
}
http . Error ( ctx . Resp , v , status )
}
// JSON render content as JSON
func ( ctx * Context ) JSON ( status int , content interface { } ) {
2021-01-29 06:42:47 -07:00
ctx . Resp . Header ( ) . Set ( "Content-Type" , "application/json;charset=utf-8" )
2021-01-27 14:46:22 -07:00
ctx . Resp . WriteHeader ( status )
2021-01-26 08:36:53 -07:00
if err := json . NewEncoder ( ctx . Resp ) . Encode ( content ) ; err != nil {
ctx . ServerError ( "Render JSON failed" , err )
}
}
2023-04-26 23:06:45 -07:00
func removeSessionCookieHeader ( w http . ResponseWriter ) {
cookies := w . Header ( ) [ "Set-Cookie" ]
w . Header ( ) . Del ( "Set-Cookie" )
for _ , cookie := range cookies {
if strings . HasPrefix ( cookie , setting . SessionConfig . CookieName + "=" ) {
continue
}
w . Header ( ) . Add ( "Set-Cookie" , cookie )
}
}
2021-12-14 23:59:57 -07:00
// Redirect redirects the request
2021-01-26 08:36:53 -07:00
func ( ctx * Context ) Redirect ( location string , status ... int ) {
2022-03-22 21:54:07 -07:00
code := http . StatusSeeOther
2021-01-26 08:36:53 -07:00
if len ( status ) == 1 {
code = status [ 0 ]
}
2023-04-26 23:06:45 -07:00
if strings . Contains ( location , "://" ) || strings . HasPrefix ( location , "//" ) {
// Some browsers (Safari) have buggy behavior for Cookie + Cache + External Redirection, eg: /my-path => https://other/path
// 1. the first request to "/my-path" contains cookie
// 2. some time later, the request to "/my-path" doesn't contain cookie (caused by Prevent web tracking)
// 3. Gitea's Sessioner doesn't see the session cookie, so it generates a new session id, and returns it to browser
// 4. then the browser accepts the empty session, then the user is logged out
// So in this case, we should remove the session cookie from the response header
removeSessionCookieHeader ( ctx . Resp )
}
2021-01-26 08:36:53 -07:00
http . Redirect ( ctx . Resp , ctx . Req , location , code )
}
2023-04-13 12:45:33 -07:00
// SetSiteCookie convenience function to set most cookies consistently
2021-03-07 01:12:43 -07:00
// CSRF and a few others are the exception here
2023-04-13 12:45:33 -07:00
func ( ctx * Context ) SetSiteCookie ( name , value string , maxAge int ) {
middleware . SetSiteCookie ( ctx . Resp , name , value , maxAge )
2021-03-07 01:12:43 -07:00
}
2023-04-13 12:45:33 -07:00
// DeleteSiteCookie convenience function to delete most cookies consistently
2021-03-07 01:12:43 -07:00
// CSRF and a few others are the exception here
2023-04-13 12:45:33 -07:00
func ( ctx * Context ) DeleteSiteCookie ( name string ) {
middleware . SetSiteCookie ( ctx . Resp , name , "" , - 1 )
2021-01-26 08:36:53 -07:00
}
2023-04-13 12:45:33 -07:00
// GetSiteCookie returns given cookie value from request header.
func ( ctx * Context ) GetSiteCookie ( name string ) string {
return middleware . GetSiteCookie ( ctx . Req , name )
2021-01-26 08:36:53 -07:00
}
// GetSuperSecureCookie returns given cookie value from request header with secret string.
func ( ctx * Context ) GetSuperSecureCookie ( secret , name string ) ( string , bool ) {
2023-04-13 12:45:33 -07:00
val := ctx . GetSiteCookie ( name )
2021-03-07 01:12:43 -07:00
return ctx . CookieDecrypt ( secret , val )
}
// CookieDecrypt returns given value from with secret string.
func ( ctx * Context ) CookieDecrypt ( secret , val string ) ( string , bool ) {
2021-01-26 08:36:53 -07:00
if val == "" {
return "" , false
}
text , err := hex . DecodeString ( val )
if err != nil {
return "" , false
}
key := pbkdf2 . Key ( [ ] byte ( secret ) , [ ] byte ( secret ) , 1000 , 16 , sha256 . New )
2022-04-01 01:47:50 -07:00
text , err = util . AESGCMDecrypt ( key , text )
2021-01-26 08:36:53 -07:00
return string ( text ) , err == nil
}
// SetSuperSecureCookie sets given cookie value to response header with secret string.
2023-04-13 12:45:33 -07:00
func ( ctx * Context ) SetSuperSecureCookie ( secret , name , value string , maxAge int ) {
2021-03-07 01:12:43 -07:00
text := ctx . CookieEncrypt ( secret , value )
2023-04-13 12:45:33 -07:00
ctx . SetSiteCookie ( name , text , maxAge )
2021-03-07 01:12:43 -07:00
}
// CookieEncrypt encrypts a given value using the provided secret
func ( ctx * Context ) CookieEncrypt ( secret , value string ) string {
2021-01-26 08:36:53 -07:00
key := pbkdf2 . Key ( [ ] byte ( secret ) , [ ] byte ( secret ) , 1000 , 16 , sha256 . New )
2022-04-01 01:47:50 -07:00
text , err := util . AESGCMEncrypt ( key , [ ] byte ( value ) )
2021-01-26 08:36:53 -07:00
if err != nil {
panic ( "error encrypting cookie: " + err . Error ( ) )
}
2021-03-07 01:12:43 -07:00
return hex . EncodeToString ( text )
2021-01-26 08:36:53 -07:00
}
// GetCookieInt returns cookie result in int type.
func ( ctx * Context ) GetCookieInt ( name string ) int {
2023-04-13 12:45:33 -07:00
r , _ := strconv . Atoi ( ctx . GetSiteCookie ( name ) )
2021-01-26 08:36:53 -07:00
return r
}
// GetCookieInt64 returns cookie result in int64 type.
func ( ctx * Context ) GetCookieInt64 ( name string ) int64 {
2023-04-13 12:45:33 -07:00
r , _ := strconv . ParseInt ( ctx . GetSiteCookie ( name ) , 10 , 64 )
2021-01-26 08:36:53 -07:00
return r
}
// GetCookieFloat64 returns cookie result in float64 type.
func ( ctx * Context ) GetCookieFloat64 ( name string ) float64 {
2023-04-13 12:45:33 -07:00
v , _ := strconv . ParseFloat ( ctx . GetSiteCookie ( name ) , 64 )
2021-01-26 08:36:53 -07:00
return v
}
// RemoteAddr returns the client machie ip address
func ( ctx * Context ) RemoteAddr ( ) string {
return ctx . Req . RemoteAddr
}
// Params returns the param on route
func ( ctx * Context ) Params ( p string ) string {
s , _ := url . PathUnescape ( chi . URLParam ( ctx . Req , strings . TrimPrefix ( p , ":" ) ) )
return s
}
// ParamsInt64 returns the param on route as int64
func ( ctx * Context ) ParamsInt64 ( p string ) int64 {
v , _ := strconv . ParseInt ( ctx . Params ( p ) , 10 , 64 )
return v
}
// SetParams set params into routes
func ( ctx * Context ) SetParams ( k , v string ) {
2021-05-30 23:18:11 -07:00
chiCtx := chi . RouteContext ( ctx )
2021-01-26 08:36:53 -07:00
chiCtx . URLParams . Add ( strings . TrimPrefix ( k , ":" ) , url . PathEscape ( v ) )
}
2021-12-14 23:59:57 -07:00
// Write writes data to web browser
2021-01-26 08:36:53 -07:00
func ( ctx * Context ) Write ( bs [ ] byte ) ( int , error ) {
return ctx . Resp . Write ( bs )
}
// Written returns true if there are something sent to web browser
func ( ctx * Context ) Written ( ) bool {
return ctx . Resp . Status ( ) > 0
}
// Status writes status code
func ( ctx * Context ) Status ( status int ) {
ctx . Resp . WriteHeader ( status )
}
2021-05-30 23:18:11 -07:00
// Deadline is part of the interface for context.Context and we pass this to the request context
func ( ctx * Context ) Deadline ( ) ( deadline time . Time , ok bool ) {
return ctx . Req . Context ( ) . Deadline ( )
}
// Done is part of the interface for context.Context and we pass this to the request context
func ( ctx * Context ) Done ( ) <- chan struct { } {
return ctx . Req . Context ( ) . Done ( )
}
// Err is part of the interface for context.Context and we pass this to the request context
func ( ctx * Context ) Err ( ) error {
return ctx . Req . Context ( ) . Err ( )
}
// Value is part of the interface for context.Context and we pass this to the request context
func ( ctx * Context ) Value ( key interface { } ) interface { } {
2022-01-19 16:26:57 -07:00
if key == git . RepositoryContextKey && ctx . Repo != nil {
return ctx . Repo . GitRepo
}
Append `(comment)` when a link points at a comment rather than the whole issue (#23734)
Close #23671
For the feature mentioned above, this PR append ' (comment)' to the
rendered html if it is a hashcomment.
After the PR, type in the following
```
pull request from other repo:
http://localhost:3000/testOrg/testOrgRepo/pulls/2
pull request from this repo:
http://localhost:3000/aaa/testA/pulls/2
issue comment from this repo:
http://localhost:3000/aaa/testA/issues/1#issuecomment-18
http://localhost:3000/aaa/testA/pulls/2#issue-9
issue comment from other repo:
http://localhost:3000/testOrg/testOrgRepo/pulls/2#issuecomment-24
http://localhost:3000/testOrg/testOrgRepo/pulls/2#issue
```
Gives:
<img width="687" alt="截屏2023-03-27 13 53 06"
src="https://user-images.githubusercontent.com/17645053/227852387-2b218e0d-3468-4d90-ad81-d702ddd17fd2.png">
Other than the above feature, this PR also includes two other changes:
1 Right now, the render of links from file changed tab in pull request
might not be very proper, for example, if type in the following. (not
sure if this is an issue or design, if not an issue, I will revert the
changes). example on
[try.gitea.io](https://try.gitea.io/HesterG/testrepo/pulls/1)
```
https://try.gitea.io/HesterG/testrepo/pulls/1/files#issuecomment-162725
https://try.gitea.io/HesterG/testrepo/pulls/1/files
```
it will render the following
<img width="899" alt="截屏2023-03-24 15 41 37"
src="https://user-images.githubusercontent.com/17645053/227456117-5eccedb7-9118-4540-929d-aee9a76de852.png">
In this PR, skip processing the link into a ref issue if it is a link
from files changed tab in pull request
After:
type in following
```
hash comment on files changed tab:
http://localhost:3000/testOrg/testOrgRepo/pulls/2/files#issuecomment-24
files changed link:
http://localhost:3000/testOrg/testOrgRepo/pulls/2/files
```
Gives
<img width="708" alt="截屏2023-03-27 22 09 02"
src="https://user-images.githubusercontent.com/17645053/227964273-5dc06c50-3713-489c-b05d-d95367d0ab0f.png">
2 Right now, after editing the comment area, there will not be tippys
attached to `ref-issue`; and no tippy attached on preview as well.
example:
https://user-images.githubusercontent.com/17645053/227850540-5ae34e2d-b1d7-4d0d-9726-7701bf825d1f.mov
In this PR, in frontend, make sure tippy is added after editing the
comment, and to the comment on preview tab
After:
https://user-images.githubusercontent.com/17645053/227853777-06f56b4c-1148-467c-b6f7-f79418e67504.mov
2023-04-03 01:02:57 -07:00
if key == translation . ContextKey && ctx . Locale != nil {
return ctx . Locale
}
2021-05-30 23:18:11 -07:00
return ctx . Req . Context ( ) . Value ( key )
}
2022-04-07 11:59:56 -07:00
// SetTotalCountHeader set "X-Total-Count" header
func ( ctx * Context ) SetTotalCountHeader ( total int64 ) {
ctx . RespHeader ( ) . Set ( "X-Total-Count" , fmt . Sprint ( total ) )
ctx . AppendAccessControlExposeHeaders ( "X-Total-Count" )
}
// AppendAccessControlExposeHeaders append headers by name to "Access-Control-Expose-Headers" header
func ( ctx * Context ) AppendAccessControlExposeHeaders ( names ... string ) {
val := ctx . RespHeader ( ) . Get ( "Access-Control-Expose-Headers" )
if len ( val ) != 0 {
ctx . RespHeader ( ) . Set ( "Access-Control-Expose-Headers" , fmt . Sprintf ( "%s, %s" , val , strings . Join ( names , ", " ) ) )
} else {
ctx . RespHeader ( ) . Set ( "Access-Control-Expose-Headers" , strings . Join ( names , ", " ) )
}
}
2021-01-26 08:36:53 -07:00
// Handler represents a custom handler
type Handler func ( * Context )
2021-12-14 23:59:57 -07:00
type contextKeyType struct { }
var contextKey interface { } = contextKeyType { }
2021-01-26 08:36:53 -07:00
// WithContext set up install context in request
func WithContext ( req * http . Request , ctx * Context ) * http . Request {
return req . WithContext ( context . WithValue ( req . Context ( ) , contextKey , ctx ) )
}
// GetContext retrieves install context from request
func GetContext ( req * http . Request ) * Context {
2023-04-13 12:45:33 -07:00
if ctx , ok := req . Context ( ) . Value ( contextKey ) . ( * Context ) ; ok {
return ctx
}
return nil
2021-01-26 08:36:53 -07:00
}
2021-09-28 06:13:04 -07:00
// GetContextUser returns context user
2021-11-24 02:49:20 -07:00
func GetContextUser ( req * http . Request ) * user_model . User {
2021-09-28 06:13:04 -07:00
if apiContext , ok := req . Context ( ) . Value ( apiContextKey ) . ( * APIContext ) ; ok {
2022-03-22 00:03:22 -07:00
return apiContext . Doer
2021-09-28 06:13:04 -07:00
}
if ctx , ok := req . Context ( ) . Value ( contextKey ) . ( * Context ) ; ok {
2022-03-22 00:03:22 -07:00
return ctx . Doer
2021-09-28 06:13:04 -07:00
}
return nil
}
2021-01-26 08:36:53 -07:00
func getCsrfOpts ( ) CsrfOptions {
return CsrfOptions {
Secret : setting . SecretKey ,
Cookie : setting . CSRFCookieName ,
SetCookie : true ,
Secure : setting . SessionConfig . Secure ,
CookieHTTPOnly : setting . CSRFCookieHTTPOnly ,
Header : "X-Csrf-Token" ,
CookieDomain : setting . SessionConfig . Domain ,
CookiePath : setting . SessionConfig . CookiePath ,
2021-03-07 01:12:43 -07:00
SameSite : setting . SessionConfig . SameSite ,
2021-01-26 08:36:53 -07:00
}
2014-04-10 11:37:43 -07:00
}
2014-07-25 21:24:27 -07:00
// Contexter initializes a classic context for a request.
2022-08-28 02:43:25 -07:00
func Contexter ( ctx context . Context ) func ( next http . Handler ) http . Handler {
2023-04-30 05:22:23 -07:00
rnd := templates . HTMLRenderer ( )
2022-01-20 10:46:10 -07:00
csrfOpts := getCsrfOpts ( )
2022-04-07 22:21:05 -07:00
if ! setting . IsProd {
CsrfTokenRegenerationInterval = 5 * time . Second // in dev, re-generate the tokens more aggressively for debug purpose
}
2021-01-26 08:36:53 -07:00
return func ( next http . Handler ) http . Handler {
return http . HandlerFunc ( func ( resp http . ResponseWriter , req * http . Request ) {
2022-01-20 10:46:10 -07:00
locale := middleware . Locale ( resp , req )
startTime := time . Now ( )
link := setting . AppSubURL + strings . TrimSuffix ( req . URL . EscapedPath ( ) , "/" )
2021-12-16 10:40:18 -07:00
2022-01-20 10:46:10 -07:00
ctx := Context {
2021-01-26 08:36:53 -07:00
Resp : NewResponse ( resp ) ,
2021-01-27 07:56:54 -07:00
Cache : mc . GetCache ( ) ,
2021-01-26 08:36:53 -07:00
Locale : locale ,
Link : link ,
Render : rnd ,
Session : session . GetSession ( req ) ,
Repo : & Repository {
PullRequest : & PullRequest { } ,
} ,
Org : & Organization { } ,
Data : map [ string ] interface { } {
"CurrentURL" : setting . AppSubURL + req . URL . RequestURI ( ) ,
"PageStartTime" : startTime ,
2021-01-28 21:33:47 -07:00
"Link" : link ,
2021-10-21 00:37:43 -07:00
"RunModeIsProd" : setting . IsProd ,
2021-01-26 08:36:53 -07:00
} ,
}
2022-05-05 07:13:23 -07:00
defer ctx . Close ( )
2021-10-14 19:35:26 -07:00
// PageData is passed by reference, and it will be rendered to `window.config.pageData` in `head.tmpl` for JavaScript modules
2021-10-12 11:11:35 -07:00
ctx . PageData = map [ string ] interface { } { }
ctx . Data [ "PageData" ] = ctx . PageData
2022-01-19 16:26:57 -07:00
ctx . Data [ "Context" ] = & ctx
2021-01-26 08:36:53 -07:00
ctx . Req = WithContext ( req , & ctx )
2023-04-13 12:45:33 -07:00
ctx . Csrf = PrepareCSRFProtector ( csrfOpts , & ctx )
2021-01-26 08:36:53 -07:00
2023-04-13 12:45:33 -07:00
// Get the last flash message from cookie
lastFlashCookie := middleware . GetSiteCookie ( ctx . Req , CookieNameFlash )
if vals , _ := url . ParseQuery ( lastFlashCookie ) ; len ( vals ) > 0 {
// store last Flash message into the template data, to render it
ctx . Data [ "Flash" ] = & middleware . Flash {
2021-01-26 08:36:53 -07:00
DataStore : & ctx ,
Values : vals ,
ErrorMsg : vals . Get ( "error" ) ,
SuccessMsg : vals . Get ( "success" ) ,
InfoMsg : vals . Get ( "info" ) ,
WarningMsg : vals . Get ( "warning" ) ,
}
}
2023-04-13 12:45:33 -07:00
// prepare an empty Flash message for current request
ctx . Flash = & middleware . Flash { DataStore : & ctx , Values : url . Values { } }
2021-01-26 08:36:53 -07:00
ctx . Resp . Before ( func ( resp ResponseWriter ) {
2023-04-13 12:45:33 -07:00
if val := ctx . Flash . Encode ( ) ; val != "" {
middleware . SetSiteCookie ( ctx . Resp , CookieNameFlash , val , 0 )
} else if lastFlashCookie != "" {
middleware . SetSiteCookie ( ctx . Resp , CookieNameFlash , "" , - 1 )
2021-01-26 08:36:53 -07:00
}
} )
// If request sends files, parse them here otherwise the Query() can't be parsed and the CsrfToken will be invalid.
if ctx . Req . Method == "POST" && strings . Contains ( ctx . Req . Header . Get ( "Content-Type" ) , "multipart/form-data" ) {
if err := ctx . Req . ParseMultipartForm ( setting . Attachment . MaxSize << 20 ) ; err != nil && ! strings . Contains ( err . Error ( ) , "EOF" ) { // 32MB max size
ctx . ServerError ( "ParseMultipartForm" , err )
return
}
}
2018-08-26 19:23:27 -07:00
2023-03-08 13:40:04 -07:00
httpcache . SetCacheControlInHeader ( ctx . Resp . Header ( ) , 0 , "no-transform" )
2021-08-06 13:47:10 -07:00
ctx . Resp . Header ( ) . Set ( ` X-Frame-Options ` , setting . CORSConfig . XFrameOptions )
2021-01-26 08:36:53 -07:00
2023-04-13 12:45:33 -07:00
ctx . Data [ "CsrfToken" ] = ctx . Csrf . GetToken ( )
2021-01-26 08:36:53 -07:00
ctx . Data [ "CsrfTokenHtml" ] = template . HTML ( ` <input type="hidden" name="_csrf" value=" ` + ctx . Data [ "CsrfToken" ] . ( string ) + ` "> ` )
2021-05-04 14:48:31 -07:00
// FIXME: do we really always need these setting? There should be someway to have to avoid having to always set these
2021-01-26 08:36:53 -07:00
ctx . Data [ "IsLandingPageHome" ] = setting . LandingPageURL == setting . LandingPageHome
ctx . Data [ "IsLandingPageExplore" ] = setting . LandingPageURL == setting . LandingPageExplore
ctx . Data [ "IsLandingPageOrganizations" ] = setting . LandingPageURL == setting . LandingPageOrganizations
ctx . Data [ "ShowRegistrationButton" ] = setting . Service . ShowRegistrationButton
ctx . Data [ "ShowMilestonesDashboardPage" ] = setting . Service . ShowMilestonesDashboardPage
2023-04-22 16:38:25 -07:00
ctx . Data [ "ShowFooterVersion" ] = setting . Other . ShowFooterVersion
2021-01-26 08:36:53 -07:00
ctx . Data [ "EnableSwagger" ] = setting . API . EnableSwagger
ctx . Data [ "EnableOpenIDSignIn" ] = setting . Service . EnableOpenIDSignIn
ctx . Data [ "DisableMigrations" ] = setting . Repository . DisableMigrations
2021-04-15 09:53:57 -07:00
ctx . Data [ "DisableStars" ] = setting . Repository . DisableStars
Implement actions (#21937)
Close #13539.
Co-authored by: @lunny @appleboy @fuxiaohei and others.
Related projects:
- https://gitea.com/gitea/actions-proto-def
- https://gitea.com/gitea/actions-proto-go
- https://gitea.com/gitea/act
- https://gitea.com/gitea/act_runner
### Summary
The target of this PR is to bring a basic implementation of "Actions",
an internal CI/CD system of Gitea. That means even though it has been
merged, the state of the feature is **EXPERIMENTAL**, and please note
that:
- It is disabled by default;
- It shouldn't be used in a production environment currently;
- It shouldn't be used in a public Gitea instance currently;
- Breaking changes may be made before it's stable.
**Please comment on #13539 if you have any different product design
ideas**, all decisions reached there will be adopted here. But in this
PR, we don't talk about **naming, feature-creep or alternatives**.
### ⚠️ Breaking
`gitea-actions` will become a reserved user name. If a user with the
name already exists in the database, it is recommended to rename it.
### Some important reviews
- What is `DEFAULT_ACTIONS_URL` in `app.ini` for?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1055954954
- Why the api for runners is not under the normal `/api/v1` prefix?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1061173592
- Why DBFS?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1061301178
- Why ignore events triggered by `gitea-actions` bot?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1063254103
- Why there's no permission control for actions?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1090229868
### What it looks like
<details>
#### Manage runners
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205870657-c72f590e-2e08-4cd4-be7f-2e0abb299bbf.png">
#### List runs
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205872794-50fde990-2b45-48c1-a178-908e4ec5b627.png">
#### View logs
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205872501-9b7b9000-9542-4991-8f55-18ccdada77c3.png">
</details>
### How to try it
<details>
#### 1. Start Gitea
Clone this branch and [install from
source](https://docs.gitea.io/en-us/install-from-source).
Add additional configurations in `app.ini` to enable Actions:
```ini
[actions]
ENABLED = true
```
Start it.
If all is well, you'll see the management page of runners:
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205877365-8e30a780-9b10-4154-b3e8-ee6c3cb35a59.png">
#### 2. Start runner
Clone the [act_runner](https://gitea.com/gitea/act_runner), and follow
the
[README](https://gitea.com/gitea/act_runner/src/branch/main/README.md)
to start it.
If all is well, you'll see a new runner has been added:
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205878000-216f5937-e696-470d-b66c-8473987d91c3.png">
#### 3. Enable actions for a repo
Create a new repo or open an existing one, check the `Actions` checkbox
in settings and submit.
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205879705-53e09208-73c0-4b3e-a123-2dcf9aba4b9c.png">
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205879383-23f3d08f-1a85-41dd-a8b3-54e2ee6453e8.png">
If all is well, you'll see a new tab "Actions":
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205881648-a8072d8c-5803-4d76-b8a8-9b2fb49516c1.png">
#### 4. Upload workflow files
Upload some workflow files to `.gitea/workflows/xxx.yaml`, you can
follow the [quickstart](https://docs.github.com/en/actions/quickstart)
of GitHub Actions. Yes, Gitea Actions is compatible with GitHub Actions
in most cases, you can use the same demo:
```yaml
name: GitHub Actions Demo
run-name: ${{ github.actor }} is testing out GitHub Actions 🚀
on: [push]
jobs:
Explore-GitHub-Actions:
runs-on: ubuntu-latest
steps:
- run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event."
- run: echo "🐧 This job is now running on a ${{ runner.os }} server hosted by GitHub!"
- run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}."
- name: Check out repository code
uses: actions/checkout@v3
- run: echo "💡 The ${{ github.repository }} repository has been cloned to the runner."
- run: echo "🖥️ The workflow is now ready to test your code on the runner."
- name: List files in the repository
run: |
ls ${{ github.workspace }}
- run: echo "🍏 This job's status is ${{ job.status }}."
```
If all is well, you'll see a new run in `Actions` tab:
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205884473-79a874bc-171b-4aaf-acd5-0241a45c3b53.png">
#### 5. Check the logs of jobs
Click a run and you'll see the logs:
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205884800-994b0374-67f7-48ff-be9a-4c53f3141547.png">
#### 6. Go on
You can try more examples in [the
documents](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions)
of GitHub Actions, then you might find a lot of bugs.
Come on, PRs are welcome.
</details>
See also: [Feature Preview: Gitea
Actions](https://blog.gitea.io/2022/12/feature-preview-gitea-actions/)
---------
Co-authored-by: a1012112796 <1012112796@qq.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: ChristopherHX <christopher.homberger@web.de>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2023-01-30 18:45:19 -07:00
ctx . Data [ "EnableActions" ] = setting . Actions . Enabled
2021-01-26 08:36:53 -07:00
ctx . Data [ "ManifestData" ] = setting . ManifestData
2021-11-09 12:57:58 -07:00
ctx . Data [ "UnitWikiGlobalDisabled" ] = unit . TypeWiki . UnitGlobalDisabled ( )
ctx . Data [ "UnitIssuesGlobalDisabled" ] = unit . TypeIssues . UnitGlobalDisabled ( )
ctx . Data [ "UnitPullsGlobalDisabled" ] = unit . TypePullRequests . UnitGlobalDisabled ( )
ctx . Data [ "UnitProjectsGlobalDisabled" ] = unit . TypeProjects . UnitGlobalDisabled ( )
Implement actions (#21937)
Close #13539.
Co-authored by: @lunny @appleboy @fuxiaohei and others.
Related projects:
- https://gitea.com/gitea/actions-proto-def
- https://gitea.com/gitea/actions-proto-go
- https://gitea.com/gitea/act
- https://gitea.com/gitea/act_runner
### Summary
The target of this PR is to bring a basic implementation of "Actions",
an internal CI/CD system of Gitea. That means even though it has been
merged, the state of the feature is **EXPERIMENTAL**, and please note
that:
- It is disabled by default;
- It shouldn't be used in a production environment currently;
- It shouldn't be used in a public Gitea instance currently;
- Breaking changes may be made before it's stable.
**Please comment on #13539 if you have any different product design
ideas**, all decisions reached there will be adopted here. But in this
PR, we don't talk about **naming, feature-creep or alternatives**.
### ⚠️ Breaking
`gitea-actions` will become a reserved user name. If a user with the
name already exists in the database, it is recommended to rename it.
### Some important reviews
- What is `DEFAULT_ACTIONS_URL` in `app.ini` for?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1055954954
- Why the api for runners is not under the normal `/api/v1` prefix?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1061173592
- Why DBFS?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1061301178
- Why ignore events triggered by `gitea-actions` bot?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1063254103
- Why there's no permission control for actions?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1090229868
### What it looks like
<details>
#### Manage runners
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205870657-c72f590e-2e08-4cd4-be7f-2e0abb299bbf.png">
#### List runs
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205872794-50fde990-2b45-48c1-a178-908e4ec5b627.png">
#### View logs
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205872501-9b7b9000-9542-4991-8f55-18ccdada77c3.png">
</details>
### How to try it
<details>
#### 1. Start Gitea
Clone this branch and [install from
source](https://docs.gitea.io/en-us/install-from-source).
Add additional configurations in `app.ini` to enable Actions:
```ini
[actions]
ENABLED = true
```
Start it.
If all is well, you'll see the management page of runners:
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205877365-8e30a780-9b10-4154-b3e8-ee6c3cb35a59.png">
#### 2. Start runner
Clone the [act_runner](https://gitea.com/gitea/act_runner), and follow
the
[README](https://gitea.com/gitea/act_runner/src/branch/main/README.md)
to start it.
If all is well, you'll see a new runner has been added:
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205878000-216f5937-e696-470d-b66c-8473987d91c3.png">
#### 3. Enable actions for a repo
Create a new repo or open an existing one, check the `Actions` checkbox
in settings and submit.
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205879705-53e09208-73c0-4b3e-a123-2dcf9aba4b9c.png">
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205879383-23f3d08f-1a85-41dd-a8b3-54e2ee6453e8.png">
If all is well, you'll see a new tab "Actions":
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205881648-a8072d8c-5803-4d76-b8a8-9b2fb49516c1.png">
#### 4. Upload workflow files
Upload some workflow files to `.gitea/workflows/xxx.yaml`, you can
follow the [quickstart](https://docs.github.com/en/actions/quickstart)
of GitHub Actions. Yes, Gitea Actions is compatible with GitHub Actions
in most cases, you can use the same demo:
```yaml
name: GitHub Actions Demo
run-name: ${{ github.actor }} is testing out GitHub Actions 🚀
on: [push]
jobs:
Explore-GitHub-Actions:
runs-on: ubuntu-latest
steps:
- run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event."
- run: echo "🐧 This job is now running on a ${{ runner.os }} server hosted by GitHub!"
- run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}."
- name: Check out repository code
uses: actions/checkout@v3
- run: echo "💡 The ${{ github.repository }} repository has been cloned to the runner."
- run: echo "🖥️ The workflow is now ready to test your code on the runner."
- name: List files in the repository
run: |
ls ${{ github.workspace }}
- run: echo "🍏 This job's status is ${{ job.status }}."
```
If all is well, you'll see a new run in `Actions` tab:
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205884473-79a874bc-171b-4aaf-acd5-0241a45c3b53.png">
#### 5. Check the logs of jobs
Click a run and you'll see the logs:
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205884800-994b0374-67f7-48ff-be9a-4c53f3141547.png">
#### 6. Go on
You can try more examples in [the
documents](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions)
of GitHub Actions, then you might find a lot of bugs.
Come on, PRs are welcome.
</details>
See also: [Feature Preview: Gitea
Actions](https://blog.gitea.io/2022/12/feature-preview-gitea-actions/)
---------
Co-authored-by: a1012112796 <1012112796@qq.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: ChristopherHX <christopher.homberger@web.de>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2023-01-30 18:45:19 -07:00
ctx . Data [ "UnitActionsGlobalDisabled" ] = unit . TypeActions . UnitGlobalDisabled ( )
2021-05-04 14:48:31 -07:00
2022-06-27 13:58:46 -07:00
ctx . Data [ "locale" ] = locale
2021-01-26 08:36:53 -07:00
ctx . Data [ "AllLangs" ] = translation . AllLangs ( )
2020-12-22 04:13:50 -07:00
2021-01-26 08:36:53 -07:00
next . ServeHTTP ( ctx . Resp , ctx . Req )
2021-08-04 10:26:30 -07:00
// Handle adding signedUserName to the context for the AccessLogger
usernameInterface := ctx . Data [ "SignedUserName" ]
identityPtrInterface := ctx . Req . Context ( ) . Value ( signedUserNameStringPointerKey )
if usernameInterface != nil && identityPtrInterface != nil {
username := usernameInterface . ( string )
identityPtr := identityPtrInterface . ( * string )
if identityPtr != nil && username != "" {
* identityPtr = username
}
}
2021-01-26 08:36:53 -07:00
} )
2014-03-15 04:01:50 -07:00
}
}
2022-04-07 11:59:56 -07:00
// SearchOrderByMap represents all possible search order
var SearchOrderByMap = map [ string ] map [ string ] db . SearchOrderBy {
"asc" : {
"alpha" : db . SearchOrderByAlphabetically ,
"created" : db . SearchOrderByOldest ,
"updated" : db . SearchOrderByLeastUpdated ,
"size" : db . SearchOrderBySize ,
"id" : db . SearchOrderByID ,
} ,
"desc" : {
"alpha" : db . SearchOrderByAlphabeticallyReverse ,
"created" : db . SearchOrderByNewest ,
"updated" : db . SearchOrderByRecentUpdated ,
"size" : db . SearchOrderBySizeReverse ,
"id" : db . SearchOrderByIDReverse ,
} ,
}