Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Git LFS support v2 #122

Merged
merged 37 commits into from
Dec 26, 2016
Merged

Git LFS support v2 #122

merged 37 commits into from
Dec 26, 2016

Conversation

fabian-z
Copy link
Contributor

@fabian-z fabian-z commented Nov 8, 2016

Requested in #80

This PR implements Git LFS support for Gitea, supporting the legacy v1 API as well as the current batch v1 API.

Originally imported LFS server code base from https://github.com/git-lfs/lfs-test-server.
Rebased from original PR gogs/gogs#3868 for Gitea, considering inital review in #120.

Features:

  • Uses recommended paths with HTTP and SSH remotes, no custom user settings necessary
  • Supports basic authentication with user credentials
  • Supports authentication with SSH (passing JWT under the hood)
  • Supports no authentication when pulling public repositories (however git-lfs still asks for credentials, where the prompt can be skipped - likely a bug in git-lfs) (Workaround for git-lfs bug applied in d1a2dca)
  • Settings transparently integrated into installation process
  • Removes LFS objects when repositories are deleted. Works with forks (e.g. when parent repository is deleted)

Notes:

  • LFS installation setting does not show added locale strings because bindata is not regenerated in this PR (as requested by @strk in Git LFS support #120)

Sorry for my misunderstanding regarding this projects state. Looking forward to working together with you! 😄

@codecov-io
Copy link

codecov-io commented Nov 8, 2016

Current coverage is 3.00% (diff: 0.94%)

Merging #122 into master will decrease coverage by 0.03%

@@            master      #122   diff @@
========================================
  Files           33        34     +1   
  Lines         8106      8200    +94   
  Methods          0         0          
  Messages         0         0          
  Branches         0         0          
========================================
  Hits           246       246          
- Misses        7840      7934    +94   
  Partials        20        20          

Powered by Codecov. Last update bd13c81...64c6905

@lunny lunny added type/proposal The new feature has not been accepted yet but needs to be discussed first. type/feature Completely new functionality. Can only be merged if feature freeze is not active. labels Nov 9, 2016
@lunny lunny added this to the 1.1.0 milestone Nov 9, 2016
@lunny
Copy link
Member

lunny commented Nov 9, 2016

Great!

@lunny
Copy link
Member

lunny commented Nov 9, 2016

This will resolved #80

}
}

if _, err = sess.Exec("DELETE FROM `lfs_meta_object` WHERE repository_id=?", repoID); err != nil {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

if err := sess.Delete(&LFSMetaObject{RepositoryID: repoID}); err != nil {

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changed in a2945dd

@tboerger
Copy link
Member

As far as I can say LGTM

@lunny
Copy link
Member

lunny commented Nov 12, 2016

but how to test it?

@fabian-z
Copy link
Contributor Author

fabian-z commented Nov 12, 2016

If you are referring to functional testing, I did a fair bit of that with this code as of 316b012. Since it uses the recommended HTTP endpoints and should be feature complete, testing actions would be identical to using LFS with GitHub:
HTTP and SSH auth push/pull/clone, fork repository with LFS files and delete parent repo, try pushing LFS files without write access, etc.
GitHub provides some example usage to get started.

Regarding unit tests, it may be possible to adapt some of the tests originally found in lfs-test-server in the long run. Since the module interacts with a lot of subsystems in Gitea, it will be quite challenging to do for a large part of the actual server code. Content store tests should not be as difficult.

"time"
)

type LFSMetaObject struct {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lfs version? v1 or v2?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure what you mean, technically with LFS there's currently only the v1 legacy API, v1 batch API and the v1.3 batch API (which is only a slightly extended version of v1 batch). The LFSMetaObject model should fit all API versions currently specified.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I mean maybe we should store the version of the object for a format.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think there is anything more to store about the object. The object itself does not have any notion of versioning - it's basically just a sha256 hash stored together with the object size. If the tracked file changes, a new meta object will be generated on push (with the new hash).
But maybe I still got you wrong - please don't hesitate to explain your point to me if this is the case 😄

}

func requireAuth(ctx *context.Context) {
ctx.Resp.Header().Set("WWW-Authenticate", "Basic realm=gogs-lfs")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

gitea-lfs :)

ID int64 `xorm:"pk autoincr"`
Oid string `xorm:"INDEX NOT NULL"`
Size int64 `xorm:"NOT NULL"`
RepositoryID int64 `xorm:"NOT NULL"`
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Adding an index xorm tag to RepositoryID and an unique index to Oid and RepositoryID is better.


//Check that no other repository references this object
var matchedOidObjects []*LFSMetaObject
if err = sess.Where("oid=?", v.Oid).Find(&matchedOidObjects); err != nil {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Use Count is better.

func (s *ContentStore) Get(meta *models.LFSMetaObject, fromByte int64) (io.Reader, error) {
path := filepath.Join(s.basePath, transformKey(meta.Oid))

f, err := os.Open(path)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

f is not be closed

Copy link
Contributor Author

@fabian-z fabian-z Nov 13, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch! I'll file this as an issue/PR with the lfs-test-server guys.

Copy link
Contributor Author

@fabian-z fabian-z Nov 13, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Turns out the issue was already filed as git-lfs/lfs-test-server#49 with the lfs-test-server project since it makes unit tests on Windows fail. I'm personally more in favor of returning an *os.File handle instead of an io.ReadCloser.
EDIT: Since the file is not opened with a read-only flag, it may be more sensible to return an ReadCloser. I changed my last commit accordingly.

@fabian-z
Copy link
Contributor Author

@lunny
Thanks for your review! I changed the aspects you pointed out in my commits after 6814bdc. I had to rebase to test my changes since I run into hook rejected errors on pushing (most likely related to #151).

@lunny
Copy link
Member

lunny commented Nov 13, 2016

@fabian-z Great work! I have tested this according to github's lfs document and it passed. After your change, I will test it again and I wish this PR could be merged ASAP.

@lunny
Copy link
Member

lunny commented Nov 13, 2016

And I think maybe you could add some information on runWeb() functions if StartLfsServer is true. i.e. LFS server is enabled. I think #151 should have been resolved, if you have any problem, please fire an issue.

@fabian-z
Copy link
Contributor Author

fabian-z commented Nov 13, 2016

Glad to hear it worked well for you!
#151 errors disappeared for me after rebasing, so I think it should be resolved.

I added some informational logging in runWeb() as you suggested, however it is worth noting that this info log will most likely not appear directly after installation, but it will log on subsequent starts of Gitea. This is why I had to make the module stateless in 316b012.

If I'm not mistaken I should have incorporated all reviews, so feel free to merge if there are no issues left from your side.

@lunny
Copy link
Member

lunny commented Nov 14, 2016

Another question, on Gitea UI, we can see something like

version https://git-lfs.github.com/spec/v1
oid sha256:5e9676cedcd87dd0909bf7007bfba571354f61d728deb52a426a3be105ba3774
size 110981778

but I think maybe it should not be shown to user, user should see binary and could download it.

@lunny
Copy link
Member

lunny commented Nov 14, 2016

see https://github.com/lunny/lfs-test/blob/master/Docker.dmg, when you view a lfs file on UI. It will show Stored with Git LFS and you can download it, but not show the meta information. If you can do like github, it's perfect.

@fabian-z
Copy link
Contributor Author

fabian-z commented Nov 14, 2016

Good idea, I forgot about the UI part initially. I implemented this in 2b02b04 and 041748e. Also, with d1a2dca the module now works around git-lfs/git-lfs#1088, so when pulling/cloning public repositories the git-lfs client does not ask for authentication credentials anymore. Also did a trivial rebase to remove a merge conflict in cmd/serve.go.

@lunny If you could crosscheck the functionality of my latest changes - especially regarding authentication, I think we are good to go!

@lunny
Copy link
Member

lunny commented Nov 15, 2016

Great work. Only delete the lfs file will return 500 error.

 [...uters/repo/editor.go:362 DeleteFilePost()] [E] DeleteRepoFile: UpdateLocalCopyBranch [branch: master]: git clone master: exit status 128 - Cloning into 'data/tmp/local-rpeo/2'...
done.
Downloading Docker.dmg (105.84 MB)
Error downloading object: Docker.dmg (5e9676cedcd87dd0909bf7007bfba571354f61d728deb52a426a3be105ba3774)

Errors logged to /Users/lunny/gopath/src/code.gitea.io/gitea/data/tmp/local-rpeo/2/.git/lfs/objects/logs/20161115T150134.939368495.log
Use `git lfs logs last` to view the log.
error: external filter git-lfs smudge -- %f failed 2
error: external filter git-lfs smudge -- %f failed
fatal: Docker.dmg: smudge filter lfs failed
warning: Clone succeeded, but checkout failed.
You can inspect what was checked out with 'git status'
and retry the checkout with 'git checkout -f HEAD'

It seems to ask the server installed lfs plugin?

@fabian-z
Copy link
Contributor Author

fabian-z commented Nov 15, 2016

I just checked and since Gitea has to use the git command to checkout the repository, it seems to fail if it is running under a user that has installed the git-lfs hooks. Without the hooks it does a regular checkout and deletes the metadata file without any problem.

So I think there are two three possibilities:

  1. Document the user needs to run Gitea under a OS user that does not have the LFS hooks installed
  2. Remove the option to delete LFS stored files from the UI
  3. Change git invocation (see below)

IMHO the first third option would be the most sensible choice. Without the hooks it will only download the tiny metadata files that are actually stored in the git repository.

@fabian-z
Copy link
Contributor Author

fabian-z commented Nov 15, 2016

A third option: Make git ignore the filters from command line invocation.
EDIT: My last commit wrongly changed the vendored code.gitea.io/git, so I removed it again, see the attached patch below.

This option will require git v2.1.2 as of git/git@a789ca7 and will need a patch in code.gitea.io/git:

From 5801cdb3b037395c3c9cd0758fe1088ab9675317 Mon Sep 17 00:00:00 2001
From: Fabian <fabian.zaremba@nf-design.eu>
Date: Tue, 15 Nov 2016 13:22:11 +0100
Subject: [PATCH] Ignore LFS hooks on git command invocation

---
 command.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/command.go b/command.go
index f7fce67..dbf3919 100644
--- a/command.go
+++ b/command.go
@@ -28,9 +28,10 @@ func (c *Command) String() string {

 // NewCommand creates and returns a new Git Command based on given command and arguments.
 func NewCommand(args ...string) *Command {
+   ignoreLFS := []string{"-c", "filter.lfs.required=", "-c", "filter.lfs.smudge=", "-c", "filter.lfs.clean="}
    return &Command{
        name: "git",
-       args: args,
+       args: append(ignoreLFS, args...),
    }
 }

-- 
2.10.2


@lunny
Copy link
Member

lunny commented Nov 16, 2016

I think the third method should be OK. But maybe we should add the ignore flags from gitea repo but not change git repo. When delete a file, if it's a lfs file, give a lfs ingore flag to the function to do that?

@fabian-z
Copy link
Contributor Author

fabian-z commented Nov 16, 2016

Unfortunately, it is not just deleting a file. It may let any git operation involving clone, commit, etc. fail.
I just tested and it is also not possible to e.g. create a new file or edit a file when the hooks are applied for the Gitea OS user.

I did not find any usage of the NewCommand function in Gitea, every invocation seems to be in the code.gitea.io/git repository, some I'm not sure how it would be possible to efficiently pass a flag for not just one but many git operations without changing a lot of code.

@fabian-z
Copy link
Contributor Author

To put in my two cents: The code.gitea.io/git repository is built for automated interaction with git repositories by using the command-line git client. The git client itself is perfectly suited for that interaction. However, the git-lfs addon client does not play nice with this automated interaction (prompting for authentication, etc.). So it would seem reasonable to me to generally disable the hooks when git is used by this package.

@fabian-z
Copy link
Contributor Author

fabian-z commented Dec 25, 2016

I fixed the conflicts by rebasing on top of current master and corrected lint errors in my last commit. Also a not before claim was added to the SSH authentication JWT token, which should improve security.
All LFS features are working fine in my tests. I hope this is ready for merging now and look forward to your final testing and feedback!

@lunny
Copy link
Member

lunny commented Dec 26, 2016

let LGTM work

@lunny lunny merged commit 2e7ccec into go-gitea:master Dec 26, 2016
@fabian-z
Copy link
Contributor Author

@lunny Thank you for your great review! Nice this got merged as the polished feature it is now.

@lunny
Copy link
Member

lunny commented Dec 26, 2016

@fabian-z Thanks for your great contribution. :)

avelino pushed a commit to avelino/gitea that referenced this pull request Dec 29, 2016
* github.com:go-gitea/gitea: (110 commits)
  add default values for SSH settings (go-gitea#500)
  slight optimization for GetUserRepositories (go-gitea#498)
  commithgraph / timeline (go-gitea#428)
  Permissions bug fix for webhooks
  Implementation of Folder Jumping
  Replace Gogs with Gitea (go-gitea#520)
  API endpoints for organization teams (go-gitea#370)
  Optimization for user.GetRepositoryAccesses to reduce db query times (go-gitea#495)
  Remove redundant query in collaborator API (go-gitea#516)
  ignore static files statstics for linguist
  Fix default cookie name
  fix installation page ssh domain unavilable
  fix 500 when delete orgnization and resolved go-gitea#486
  At the locales replaced 6 with MIN_PASSWORD_LENGTH
  Added Dutch translations to the landingpage
  Improve the way how branches are deleted
  Improve issue references in markdown (go-gitea#471)
  API Endpoints for collaborators (go-gitea#375)
  Git LFS support v2 (go-gitea#122)
  Provide button to delete merged pull request (go-gitea#441)
  ...
ethantkoenig added a commit to ethantkoenig/gitea that referenced this pull request Jan 27, 2017
* Bug fix for edit-hook API endpoint

* Fixes issue go-gitea#283

Delete old temp local copy before we create a new temp local copy

* In the wiki title replace tab with a space (go-gitea#371)

* Correction LDAP validation (go-gitea#342)

* Correction LDAP username validation

As https://msdn.microsoft.com/en-us/library/aa366101(v=vs.85).aspx describe spaces should not be in start or at the end of username but they can be inside the username. So please check my solution for it.

* Check for zero length passwords in LDAP module.

According to https://tools.ietf.org/search/rfc4513#section-5.1.2 LDAP client should always check before bind whether a password is an empty value. There are at least one LDAP implementation which does not return error if you try to bind with DN set and empty password - AD.

* Clearing the login/email spaces at the [start/end]

* Autogenerate Version on build (go-gitea#190)

* Autogenerate Version On Build

* Fixes

* Changed Version to v0.9.0

* balls

* I hate newlines

* Don't remove .VERSION-file on `make clean`

* v0.9.0 => 1.0.0

* damn new-lines...

* Always rebuild templates/.VERSION

* Delete .VERSION

* Update Makefile

* bug fixed branch name for pushupdate (go-gitea#380)

* Don't use custom PBKDF2 function (go-gitea#382)

* fixed vulnerabilities (go-gitea#392)

* Update example install url from try.gogs.io to try.gitea.io (go-gitea#385)

* Update example install url from try.gogs.io to try.gitea.io

* Ask if issue can be reproduced on try.gitea.io

* Link try.gitea.io to the README

* Fixing multiple docker issues (go-gitea#386)

* Added stupid docker task to makefile

* Dropped unknown option PrintLastLog from docker ssh config

* OpenSSH should log to docker stdout

* Set random pw for docker git user, otherwise it is locked

* Stop using templates and public within docker

* Disable coverage report for now (go-gitea#395)

Until aircover gets updated so that it works again I have disabled to
coverage report upload for now.

* fixed vulnerabilities on deleting release (go-gitea#399)

* Revert "Disable coverage report for now" (go-gitea#400)

* Update gitea/sdk vendor (go-gitea#406)

* Fix typo (go-gitea#407)

* Remove fixed FIXME (go-gitea#408)

* fixed vulnerabilities labels (go-gitea#409)

* add ZH readme (go-gitea#405)

* Add support for using "libravatar" as the GravatarSource

Just to make it easier for administrator to configure libre avatar,
as it is done for "duoshuo" and "gravatar"

* serve video files using the HTML5 video tag (go-gitea#418)

* serve video files using the HTML5 video tag

* lint fix: add comment to IsVideoFile

* change test mail subject and body to 'Gitea Test Mail!'

Signed-off-by: Michael de Wit <mjwwit@gmail.com>

* Fix random string generator (go-gitea#384)

* Remove unused custom-alphabet feature of random string generator

Fix random string generator

Random string generator should return error if it fails to read random data via crypto/rand

* Fixes variable (un)initialization mixed assign
Update test GetRandomString

* Change default Android theme color meta tag (go-gitea#389)

* Do not override the binary version name from drone (go-gitea#436)

Signed-off-by: Thomas Boerger <tboerger@suse.de>

* Remove remaining Gogs reference on locales and cmd (go-gitea#430)

* Add Korean support (go-gitea#437)

* Add Korean support

* replace Gogs to Gitea

* Update locales (go-gitea#440)

* Update locales

* replace Gogs to Gitea

* Fix homepage docs link broken (go-gitea#417)

* fix homepage docs link broken

* fix homepage docs links after docs updated

* Fix string format verbs (go-gitea#3637)

* issue comment api fix (go-gitea#449)

* ListAllInRepo & Delete Issue-Comments

* Moar data in issue-comments

* Bug fixes and tests for modules/base (go-gitea#442)

Also address other TODOs

* UpdateIssueUsersByMentions was calling database write operations while (go-gitea#443)

a transaction session was in progress. MailParticipants was failing
silently because of the SQLITE_LOCKED error. Make sure failures in
MailParticipants enter the log, and pass on the transaction context.

issue: let caller pass in database context, and use it
issue_comment: obtain database context to pass to UpdateIssueMentions
issue_comment: log any error from call to MailParticipants
issue_mail: pass on database context to UpdateIssueMentions

* update code.gitea.io/git (go-gitea#450)

* init script gentoo (go-gitea#447)

* init script for gentoo (go-gitea#3761)

* replace Gogs to Gitea

* remove override port number

* remove port

* New settings option for a custom SSH host (go-gitea#3763) (go-gitea#446)

* New settings option for a custom SSH host (go-gitea#3763)

* let default ssh listen addr empty

* fix bug go-gitea#1122 log.smtp receiver configure error (go-gitea#3602) (go-gitea#451)

* Check if file is a symlink with web editor (go-gitea#3687) (go-gitea#445)

* Check if file is a symlink with web editor (go-gitea#3687)

* editor checks for symlinks

* translate file_is_a_symlink message

* credit translation author

* fix error constant

* fix tag webhook 404 error (go-gitea#420)

* Bindata is optional and over-writable on restart (go-gitea#354)

* Moved conf assets into options folder

* Dropped old bindata

* Started to integrate options bindata and accessors

* Do not enforce a builtin app.ini

* Replaced bindata calls with options

* Dropped bindata task from makefile, it's the generate task now

* Always embedd app.ini to provide sane config defaults

* Use sane defaults for the configuration

* Defined default value for SSH_KEYGEN_PATH

* Dropped "NEVER EVER MODIFY THIS FILE" header from app.ini

* Fixed new paths in latest test additions

* Drop bindata with make clean task

* Set more proper default values

* resolved go-gitea#394 (go-gitea#396)

* Change screenshoots to Gitea (go-gitea#454)

* Fix race condition in unit test (go-gitea#456)

* Add default values for settings (go-gitea#455)

* add default values for settings

* more default values

* more default settings and labels resource

* mv locale to options

* Integrated an initial changelog (go-gitea#457)

* Simplified README and added a release badge (go-gitea#460)

* Dropped the status from readme, it's anway always outdated

* Added version badge

* Cleaned the install instructions

* Dropped paragraphs that should be documented on the docs

* Simplified the content, refer to the website

* Dropped the logo, lets show screenshots

* Fixed TRANSLATORS link

* update zh readme (go-gitea#462)

* Fix broken godoc link and add arch in English README (go-gitea#463)

* fix broken godoc link and add arch in English README

* typo

* Fixed drone tagging

* Properly handle drone tags and release/* branches (go-gitea#466)

* Raised version to 1.1.0 (go-gitea#468)

* Enables mssql support (go-gitea#383)

* Enables mssql support

Port of dlobs work in gogs.
Enables options in index.js
Enables MSSQL as a database option in go.
Sets ID to 0 on initial migration. Required for
MSSQL insert statements.

Signed-off-by: Beau Trepp <beautrepp@gmail.com>

* Vendors in denisenkom/go-mssqldb

Includes golang.org/x/crypto/md4
as this is required by go-msssqldb

Signed-off-by: Beau Trepp <beautrepp@gmail.com>

* API Endpoint for watching (go-gitea#191)

* Bug fixes for Issues filters (go-gitea#413)

Correctly handle simultaneous assignee/poster filters, and conflicting assignee filters

* Added minimum password length to app.ini (go-gitea#223)

* Added sorting to the labels & milestones page (go-gitea#199)

* Simplified MinPasswordLength check (go-gitea#475)

* Added sorting to organizations, repos & users page (go-gitea#222)

* Organization webhook API endpoints

* Update sdk

* Implement sendmail (go-gitea#355)

* Implemented sendmail. This piggybacks on existing configuration to keep the change simple

* Changed privicy of new sendSMTP and sendSendmail functions

* Fixed Lint errors

* Seperated SMTP and sendmail into their own senders

* Making new structs private as they should not be used externally now

* Added sendmail setting to ini file

* Minor code cleanup

* Provide button to delete merged pull request (go-gitea#441)

* provide button to delete merged pull request

* golint fix

* Git LFS support v2 (go-gitea#122)

* Import github.com/git-lfs/lfs-test-server as lfs module base

Imported commit is 3968aac269a77b73924649b9412ae03f7ccd3198

Removed:

Dockerfile CONTRIBUTING.md mgmt* script/ vendor/ kvlogger.go
.dockerignore .gitignore README.md

* Remove config, add JWT support from github.com/mgit-at/lfs-test-server

Imported commit f0cdcc5a01599c5a955dc1bbf683bb4acecdba83

* Add LFS settings

* Add LFS meta object model

* Add LFS routes and initialization

* Import github.com/dgrijalva/jwt-go into vendor/

* Adapt LFS module: handlers, routing, meta store

* Move LFS routes to /user/repo/info/lfs/*

* Add request header checks to LFS BatchHandler / PostHandler

* Implement LFS basic authentication

* Rework JWT secret generation / load

* Implement LFS SSH token authentication with JWT

Specification: https://github.com/github/git-lfs/tree/master/docs/api

* Integrate LFS settings into install process

* Remove LFS objects when repository is deleted

Only removes objects from content store when deleted repo is the only
referencing repository

* Make LFS module stateless

Fixes bug where LFS would not work after installation without
restarting Gitea

* Change 500 'Internal Server Error' to 400 'Bad Request'

* Change sql query to xorm call

* Remove unneeded type from LFS module

* Change internal imports to code.gitea.io/gitea/

* Add Gitea authors copyright

* Change basic auth realm to "gitea-lfs"

* Add unique indexes to LFS model

* Use xorm count function in LFS check on repository delete

* Return io.ReadCloser from content store and close after usage

* Add LFS info to runWeb()

* Export LFS content store base path

* LFS file download from UI

* Work around git-lfs client issue with unauthenticated requests

Returning a dummy Authorization header for unauthenticated requests
lets git-lfs client skip asking for auth credentials
See: git-lfs/git-lfs#1088

* Fix unauthenticated UI downloads from public repositories

* Authentication check order, Finish LFS file view logic

* Ignore LFS hooks if installed for current OS user

Fixes Gitea UI actions for repositories tracking LFS files.
Checks for minimum needed git version by parsing the semantic version
string.

* Hide LFS metafile diff from commit view, marking as binary

* Show LFS notice if file in commit view is tracked

* Add notbefore/nbf JWT claim

* Correct lint suggestions - comments for structs and functions

- Add comments to LFS model
- Function comment for GetRandomBytesAsBase64
- LFS server function comments and lint variable suggestion

* Move secret generation code out of conditional

Ensures no LFS code may run with an empty secret

* Do not hand out JWT tokens if LFS server support is disabled

* API Endpoints for collaborators (go-gitea#375)

* Improve issue references in markdown (go-gitea#471)

* Improve issue references in markdown. (go-gitea#3436)

* Fix build

* Fix lint

* Fix comment typo

* Improve the way how branches are deleted

Delete branch from HeadRepo instead of BaseRepo
Prevent the deletion of a master branch
Show a yes/no overlay when you press the delete branch button

* Added Dutch translations to the landingpage

* At the locales replaced 6 with MIN_PASSWORD_LENGTH

* fix 500 when delete orgnization and resolved go-gitea#486

* fix installation page ssh domain unavilable

* Fix default cookie name

* ignore static files statstics for linguist

* Remove redundant query in collaborator API (go-gitea#516)

* Optimization for user.GetRepositoryAccesses to reduce db query times (go-gitea#495)

* optimization for user.GetRepositoryAccesses to reduce db query times

* fix missing cache

* API endpoints for organization teams (go-gitea#370)

* Replace Gogs with Gitea (go-gitea#520)

* Implementation of Folder Jumping

* Permissions bug fix for webhooks

* commithgraph / timeline (go-gitea#428)

* Add model and tests for graph

* Add route and router for graph

* Add assets for graph

* Add template for graph

* slight optimization for GetUserRepositories (go-gitea#498)

* add default values for SSH settings (go-gitea#500)

* Repo permission bug fixes (go-gitea#513)

* Cache users on list releases (go-gitea#527)

* Tab on user profile to show starred repos (go-gitea#519)

* Tab on user profile to show starred repos

* Make golint happy and use transactions on StarRepo function

* x -> sess

* Use sess.Close() instead of sess.Rollback()

* Add copyright

* Fix lint

* Speed up conflict checking in pull request creation (go-gitea#276)

* Speed up conflict checking in pull request creation

In order to check conflicts of a PR, we set up a working tree by
cloning the base branch, which is quite time-consuming when the repository is huge.
Instead, this PR uses `git read-tree` and `git apply --check --cached` to check conflicts.

For go-gitea#258

* Use $GIT_INDEX_FILE instead of --index-output to avoid lockfile problem

The lockfile gets renamed to the final destination after the operation
finishes. But it must be located in the same filesystem, which prevents
us from using /tmp.

* Temporary file names should not prefixed with '-'

* push + pull now works with reverse proxy + basic auth on apache 2.4

* Notification - Step 1 (go-gitea#523)

* Notification - Step 1

* Add copyright headers

* Cache issue and repository on notification model

* Fix URL link on CONTRIBUTING

Signed-off-by: Thibault Meyer <meyer.thibault@gmail.com>

* Notifications - Step 2

* fix gofmt error

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>

* replcae go fmt with gofmt command.

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>

* Updated Dutch translations

* Support http service graceful restart (go-gitea#416)

* support http service graceful restart

* fix dependencies

* API endpoints for forks (go-gitea#509)

* Restrict creating organisations by user (go-gitea#193)

* restrict creating organizations based on right on user

* revert bindata.go

* reverse vendor lib

* revert goimports change

* set AllowCreateOrganization default value to true

* revert locale

* added default value for AllowCreateOrganization

* fix typo in migration-comment

* fix comment

* add coments in migration

* fix windows build broken by go-gitea#416

* Unit tests for token and update models

* resolved go-gitea#485: when migrate empty wiki repo, then ignore (go-gitea#541)

* Fix wrong anchors for non-latin headings (go-gitea#3981) (go-gitea#512)

Change Javascript regular expression to match non-latin characters
The regex comes from here: http://stackoverflow.com/questions/150033/regular-expression-to-match-non-english-characters#comment22322603_150078

And this patch should fixed these two issues: go-gitea#3919 go-gitea#3843

* resolved go-gitea#517: fix admin ui data row missing

* Replace pull request with issue at issue_template (go-gitea#547)

* Apply dockerfile updates to raspberry dockerfile (go-gitea#548)

* UI config to toggle whether user email shows up in Explore Users (go-gitea#336)

* UI config to toggle whether user email shows up in Explore Users

* Recommendation made by @tboerger
go-gitea@66a1c59#r94122732

* fixed typo, rename ShowUserEmailInExplore to ShowUserEmail

* Fixed typo merged conflict

* Hide email in the user profile page

if you are active ShowUserEmail
ref go-gitea#336 (comment)

* Please replace MustBool() with MustBool(true)

* Makefile: on Windows, executable should have ".exe" (go-gitea#550)

* Release API endpoints

* Provide description for the INSTALL_LOCK config option (go-gitea#554)

* fix config session missing data row & resolved go-gitea#517 (go-gitea#549)

* Do not get count on /api routers

* More fine graned colors

* Showing index in front of issue title

* change the default action when deleting a release to not delete tag

* Update maintainer list for LGTM

* Fix benchmarktests (go-gitea#557)

* build failed by deleting release by API (go-gitea#562)

* bug fixed for fork repos (go-gitea#560)

* Update xorm and dependencies vendor for feature to dump to other database (go-gitea#565)

* update xorm and dependencies vendor for feature to dump to other database

* fix golint

* fix bug go-gitea#564 (go-gitea#567)

* Add pagination for notifications

* fix: Remove call to set GOMAXPROCS (go-gitea#577)

* Rename .gogs to .gitea and comply with github template guidelines (go-gitea#568) (go-gitea#582)

Signed-off-by: Manuel Kuhlmann <manuel@mkuhlmann.org>

* Fix typos in models/ (go-gitea#576)

* Check primary email address fields on CreateUser (go-gitea#556)

* Check primary email address fields on CreateUser

As this check wasn't available, uid=1 (and possibly guests too, if registration is open) is able to register new users with existing email addresses. This leads to numerous 500 errors.

* Update user.go

* Lower the email first. Then check

* Fix SQL bug in models/access (go-gitea#583)

Previously got a 'relation repo_access does not exist' error in User_GetRepositoryAccesses

* Fix diff split view coloring (go-gitea#553) (go-gitea#584)

Signed-off-by: Manuel Kuhlmann <manuel@mkuhlmann.org>

* Fix unified diff view styling (go-gitea#585)

Signed-off-by: Manuel Kuhlmann <manuel@mkuhlmann.org>

* Add the note forked from gogs (go-gitea#590)

* add the note forked from gogs

* make the sentence simple

* Clone tags within drone for proper version generation (go-gitea#591)

* Added 1.0.1 to changelog (go-gitea#594)
lunny pushed a commit to lunny/gitea that referenced this pull request Feb 7, 2019
* Add function to resolve short commit ID to full SHA1

* Add tests for GetFullCommitID
@go-gitea go-gitea locked and limited conversation to collaborators Nov 23, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. type/feature Completely new functionality. Can only be merged if feature freeze is not active. type/proposal The new feature has not been accepted yet but needs to be discussed first.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants