Add 1.6.4 changelog (#5739)

Signed-off-by: Julian Tölle <julian.toelle97@gmail.com>

.drone.yml

@@ -22,7 +22,7 @@ pipeline:
       branch: [ master ]
 
   update-translations:
-    image: alpine:3.6
+    image: alpine:3.7
     commands:
       - mv ./options/locale/locale_en-US.ini ./options/
       - sed -i -e 's/="/=/g' -e 's/"$$//g' ./options/locale/*.ini
@@ -56,7 +56,7 @@ pipeline:
       event: [ push, tag, pull_request ]
 
   build-without-gcc:
-    image: golang:1.8
+    image: golang:1.9
     pull: true
     commands:
       - go build -o gitea_no_gcc # test if build succeeds without the sqlite tag
@@ -64,7 +64,7 @@ pipeline:
       event: [ push, tag, pull_request ]
 
   build:
-    image: golang:1.10
+    image: golang:1.11
     pull: true
     environment:
       TAGS: bindata sqlite
@@ -83,7 +83,7 @@ pipeline:
       event: [ push, tag, pull_request ]
 
   test:
-    image: golang:1.10
+    image: golang:1.11
     pull: true
     group: test
     environment:
@@ -95,7 +95,7 @@ pipeline:
       branch: [ master ]
 
   test:
-    image: golang:1.10
+    image: golang:1.11
     pull: true
     group: test
     environment:
@@ -107,7 +107,7 @@ pipeline:
       branch: [ release/* ]
 
   test:
-    image: golang:1.10
+    image: golang:1.11
     pull: true
     group: test
     environment:
@@ -130,7 +130,7 @@ pipeline:
   #     event: [ push, tag, pull_request ]
 
   test-mysql:
-    image: golang:1.10
+    image: golang:1.11
     pull: true
     group: test
     environment:
@@ -145,7 +145,7 @@ pipeline:
       branch: [ master ]
 
   test-mysql:
-    image: golang:1.10
+    image: golang:1.11
     pull: true
     group: test
     environment:
@@ -159,7 +159,7 @@ pipeline:
       event: [ tag ]
 
   test-pgsql:
-    image: golang:1.10
+    image: golang:1.11
     pull: true
     group: test
     environment:
@@ -173,7 +173,7 @@ pipeline:
       event: [ push, tag, pull_request ]
 
   generate-coverage:
-    image: golang:1.10
+    image: golang:1.11
     pull: true
     environment:
       TAGS: bindata
@@ -203,7 +203,7 @@ pipeline:
     when:
       event: [ push, tag ]
 
-  build_docs:
+  build-docs:
     image: webhippie/hugo:latest
     pull: true
     commands:
@@ -212,26 +212,12 @@ pipeline:
       - make clean
       - make build
 
-  docker_docs:
-    image: plugins/docker:17.05
+  publish-docs:
+    image: lucap/drone-netlify:latest
     pull: true
-    secrets: [ docker_username, docker_password ]
-    repo: gitea/docs
-    context: docs
-    dockerfile: docs/Dockerfile
-    tags: [ '${DRONE_BRANCH##release/v}' ]
-    when:
-      event: [ push ]
-      branch: [ release/* ]
-
-  docker_docs:
-    image: plugins/docker:17.05
-    pull: true
-    secrets: [ docker_username, docker_password ]
-    repo: gitea/docs
-    context: docs
-    dockerfile: docs/Dockerfile
-    tags: [ 'latest' ]
+    secrets: [ netlify_token ]
+    site_id: d2260bae-7861-4c02-8646-8f6440b12672
+    path: docs/public/
     when:
       event: [ push ]
       branch: [ master ]

BSDmakefile

@@ -0,0 +1,51 @@
+# GNU makefile proxy script for BSD make
+# Written and maintained by Mahmoud Al-Qudsi <mqudsi@neosmart.net>
+# Copyright NeoSmart Technologies <https://neosmart.net/> 2014-2018
+# Obtain updates from <https://github.com/neosmart/gmake-proxy>
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice, this
+# list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright notice,
+# this list of conditions and the following disclaimer in the documentation
+# and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+JARG =
+GMAKE = "gmake"
+#When gmake is called from another make instance, -w is automatically added
+#which causes extraneous messages about directory changes to be emitted.
+#--no-print-directory silences these messages.
+GARGS = "--no-print-directory"
+
+.if "$(.MAKE.JOBS)" != ""
+JARG = -j$(.MAKE.JOBS)
+.endif
+
+#by default bmake will cd into ./obj first
+.OBJDIR: ./
+
+.PHONY: FRC
+$(.TARGETS): FRC
+	$(GMAKE) $(GARGS) $(.TARGETS:S,.DONE,,) $(JARG)
+
+.DONE .DEFAULT: .SILENT
+	$(GMAKE) $(GARGS) $(.TARGETS:S,.DONE,,) $(JARG)
+
+.ERROR: .SILENT
+	if ! which $(GMAKE) > /dev/null; then \
+		echo "GNU Make is required!"; \
+	fi

CHANGELOG.md

@@ -4,10 +4,248 @@ This changelog goes through all the changes that have been made in each release
 without substantial changes to our git log; to see the highlights of what has
 been added to each release, please refer to the [blog](https://blog.gitea.io).
 
-## [1.5.0-RC1](https://github.com/go-gitea/gitea/releases/tag/v1.5.0-rc1) - 2018-07-04
+## [1.6.4](https://github.com/go-gitea/gitea/releases/tag/v1.6.4) - 2019-01-15
+* BUGFIX
+  * Fix SSH key now can be reused as public key after deleting as deploy key (#5671) (#5685)
+  * When redirecting clean the path to avoid redirecting to external site (#5669) (#5703)
+  * Fix to use correct value for "MSpan Structures Obtained" (#5706) (#5715)
+
+## [1.6.3](https://github.com/go-gitea/gitea/releases/tag/v1.6.3) - 2019-01-04
 * SECURITY
+  * Prevent DeleteFilePost doing arbitrary deletion (#5631)
+* BUGFIX
+  * Fix wrong text getting saved on editing second comment on an issue (#5608)
+
+## [1.6.2](https://github.com/go-gitea/gitea/releases/tag/v1.6.2) - 2018-12-21
+* SECURITY
+  * Sanitize uploaded file names (#5571) (#5573)
+  * HTMLEncode user added text (#5570) (#5575)
+* BUGFIXES
+  * Fix indexer reindex bug when gitea restart (#5563) (#5564)
+  * Remove a double slash in the HTTPS redirect with Let's Encrypt (#5537) (#5539)
+  * Fix bug when a read perm user to edit his issue (#5516) (#5534)
+  * Detect force push failure on deletion of protected branches (#5522) (#5531)
+  * Let's Encrypt handler listens on correct port for certificate validation (#5525) (#5527)
+  * Fix forgot deletion of notification when delete repository (#5506) (#5514)
+  * Fix undeleted content when deleting user (#5429) (#5509)
+  * Fix empty wiki (#5504) (#5508)
+
+## [1.6.1](https://github.com/go-gitea/gitea/releases/tag/v1.6.1) - 2018-12-08
+* BUGFIXES
+  * Fix dependent issue searching when gitea is run in subpath (#5392) (#5400)
+  * API: '/orgs/:org/repos': return private repos with read access (#5393)
+  * Fix repository deletion when there is large number of issues in it (#5426) (#5434)
+  * Word-break the WebHook url to prevent a ui-break (#5445)
+  * Admin should be able to delete repos via the API even if they are not a member of the organization (#5443) (#5447)
+  * Ensure that the `closed_at` is set for closed (#5450)
+  * Fix topic name length on database (#5493) (#5495)
+
+## [1.6.0](https://github.com/go-gitea/gitea/releases/tag/v1.6.0) - 2018-11-22
+* BREAKING
+  * Respect email privacy option in user search via API (#4512)
+  * Simply remove tidb and deps (#3993)
+  * Swagger.v1.json template (#3572)
+* SECURITY
+  * Add CSRF checking to reqToken and add reqToken to admin API routes (#5272) (#5250)
+  * Improve URL validation for external wiki  and external issues (#4710)
+  * Make cookies HttpOnly and obey COOKIE_SECURE flag (#4706)
+  * Don't disclose emails of all users when sending out emails (#4664)
+  * Check that repositories can only be migrated to own user or organizations (#4366)
+* FEATURE
+  * Add comment replies (#5147) (#5104)
+  * Pull request review/approval and comment on code (#3748)
+  * Added dependencies for issues (#2196) (#2531)
+  * Add the ability to have built in themes in Gitea and provide dark theme arc-green (#4198)
+  * Add sudo functionality to the API (#4809)
+  * Add oauth providers via cli (#4591)
+  * Disable merging a WIP Pull request (#4529)
+  * Force user to change password (#4489)
+  * Add letsencrypt to Gitea (#4189)
+  * Add push webhook support for mirrored repositories (#4127)
+  * Add csv file render support defaultly (#4105)
+  * Add Recaptcha functionality to Gitea (#4044)
+* ENHANCEMENT
+  * Fix milestones sorted wrongly (#4987)
+  * Allow api to create tags for releases if they don't exist (#4890)
+  * Fix #4877 to follow the OpenID Connect Audiences spec (#4878)
+  * Enforce token on api routes [fixed critical security issue #4357] (#4840)
+  * Update legacy branch and tag URLs in dashboard to new format (#4812)
+  * Slack webhook channel name cannot be empty or just contain an hashtag (#4786)
+  * Add whitespace handling to PR-comparsion (#4683)
+  * Make reverse proxy auth optional (#4643)
+  * MySQL TLS (#4642)
+  * Make sure to set PR split view when creating/previewing a pull request  (#4617)
+  * Log user in after a successful sign up (#4615)
+  * Fix typo IsPullReuqestBroken -> IsPullRequestBroken (#4578)
+  * Allow admin toggle forcing a password change for newly created users (#4563)
+  * Update jQuery to v1.12.4 (#4551)
+  * Env var GITEA_PUSHER_EMAIL (#4516)
+  * Feat(repo): support search repository by topic name (#4505)
+  * Small improvements to dependency UI (#4503)
+  * Make max commits in graph configurable (#4498)
+  * Add valid for lfs oid (#4461)
+  * Add shortcut to save wiki page (#4452)
+  * Allow administrator to create repository for any organization (#4368)
+  * Fix repository last updated time update when delete a user who watched the repo (#4363)
+  * Switch plaintext scratch tokens to use hash instead (#4331)
+  * Increase default TOTP secret size to 320 bits (#4287)
+  * Keep preseeded database password (#4284)
+  * Implemented hover text showing user FullName (#4261)
+  * Add ability to delete a token (#4235)
+  * Fix typos in i18n variable names. (#4080)
+  * Api: repos/search: add parameters to control the sort order (#3964)
+  * Add missing path in the Docker app.ini template (#2181)
+  * Add file name and branch to page title (#4902)
+  * Offline use of google fonts (#4872)
+  * Add missing History link to directory listings v2 (#4829)
+  * Locale for Edit and Remove due date issue (#4802)
+  * Disable 'May Import Local Repository' when is disabled by setting (Is… (#4780)
+  * API /admin/users/{username} missing parameter (#4775)
+  * Display error when adding a user to a team twice (#4746)
+  * Remove UsePrivilegeSeparation from the Docker sshd_config, see #2876 (#4722)
+  * Focus title input when clicking helper link (#4696)
+  * Add vendor to user reserved words and format words list according alphabet (#4685)
+  * Add gitea/issues link to 500 page (#4654)
+  * Hide home button when landing page is not set to home (#4651)
+  * Remove link to GitHub issues in 404 template (#4639)
+  * Cmd/serve: pprof cpu and memory profile dumps to disk (#4560)
+  * Add flash message after an account has been successfully activated (#4510)
+  * Prevent html entity escaping on delete branch (#4471)
+  * Locale for button Edit on protected branch (#4442)
+  * Update notification icon (#4343)
+  * Added front-end topics validation (#4316)
+  * Don't display buttons if there are no system notifications (#4280)
+  * Issue due date api (#3890)
+* BUGFIXES
+  * dont' send assign webhooks when creating issue (#5365)
+  * Fix create team, update team missing units (#5188)
+  * Fix file edit change preview functionality (#5300)
+  * *ix bug when users have serval teams with different units on different repositories (#5307)
+  * Fix U2F if gitea is configured in subpath (#5302)
+  * Fix markdown image with link (#4675)
+  * Remove maxlines option for file logger (#5282)
+  * Fix wrong api request url for instances running in subfolders (#5261) (#5247)
+  * Accept web-command cli flags if web-command is commited (#5245) (#5200)
+  * Reduce join star, repo_topic, topic tables on repo search, to resolve extra columns problem on MSSQL (#5136) (#5229)
+  * Fix data race on migrate repository (#5224) (#5230)
+  * Add secret to all webhook's payload where it has been missing (#5208) (#5199)
+  * Fix sqlite and MSSQL lock (#5210) (#5223) (#5214) (#5218) (#5176) (#5179)
+  * Fix race on updatesize (#5190) (#5215)
+  * Fix filtering issues by tags on main screen issues (#5219) (#3824)
+  * Fix SQL quoting (#5137) (#5117)
+  * Fix regex to support optional end line of old section in diff hunk (#5097) (#5096)
+  * Fix release creation via API (#5076)
+  * Remove links from topics in edit mode  (#5026)
+  * Fix missing AppSubUrl in few more templates (fixup) (#5021)
+  * Fix missing AppSubUrl in some templates (#5020)
+  * Hide outdated comments in file view (#5017)
+  * Upgrade gopkg.in/testfixtures.v2 (#4999)
+  * Disable debug routes unless PPROF is enabled in configuration (#4995)
+  * Fix user menu item styling (#4985)
+  * Fix layout of the topics editing form (#4971)
+  * Fix null pointer dereference in ParseCommitWithSignature (#4962)
+  * Fix url in discord webhook (#4953)
+  * Detect charset and convert non UTF-8 files for display (#4950)
+  * Make sure to catch the right error so it is displayed on the UI (#4945)
+  * Fix(topics): don't redirect to explore page. (#4938)
+  * Fix bug forget to remove Stopwatch when remove repository (#4928)
+  * Fix bug when repo remained bare if multiple branches pushed in single push (#4923)
+  * Fix: Crippled diff (#4726) (#4900)
+  * Fix trimming of markup section names (#4863)
+  * Issues api allow pulls and fix #4832 (#4852)
+  * Do not autocreate directory for new users/orgs (#4828) (#4849)
+  * Fix redirect with non-ascii branch names (#4764) (#4810)
+  * Fix missing release title in webhook (#4783) (#4796)
+  * User shouldn't be able to approve or reject his/her own PR (#4729)
+  * Make sure to reset commit count in the cache on mirror syncing (#4720)
+  * Fixed bug where team with admin privelege type doesn't get any unit  (#4719)
+  * Fix incorrect caption of webhook setting (#4701) (#4717)
+  * Allow WIP marker to contains < or > (#4709)
+  * Hide org/create menu item in Dashboard if user has no rights (#4678) (#4680)
+  * Site admin could create repos even MAX_CREATION_LIMIT=0 (#4645)
+  * Fix custom templates being ignored (#4638)
+  * Fix starring icon after semantic ui update (#4628)
+  * Fix Split-View line adjustment (#4622)
+  * Fix integer constant overflows in tests (#4616)
+  * Push whitelist now doesn't apply to branch deletion (#4601) (#4607)
+  * Fix bugs when too many IN variables (#4594)
+  * Fix failure on creating pull request with assignees (#4419) (#4583)
+  * Fix panic issue on update avatar email (#4580) (#4581)
+  * Fix status code label for a successful webhook (#4540)
+  * An inactive user shouldn't be able to be added as a collaborator (#4535)
+  * Don't fail silently if trying to add a collaborator twice (#4533)
+  * Fix incorrect MergeWhitelistTeamIDs check in CanUserMerge function (#4519) (#4525)
+  * Fix out-of-transaction query in removeOrgUser (#4521) (#4522)
+  * Fix migration from older releases (#4495)
+  * Accept 'Data:' in commit graph (#4487)
+  * Update xorm to latest version and fix correct `user` table referencing in sql (#4473)
+  * Relative URLs for LibreJS page (#4460)
+  * Redirect to correct page after using scratch token (#4458)
+  * Fix column droping for MSSQL that need new transaction for that (#4440)
+  * Replace src with raw to fix image paths (#4377)
+  * Add default merge options when creating new repository (#4369)
+  * Fix docker build (#4358)
+  * Fixes repo membership check in API (#4341)
+  * Dep upgrade mysql lib (#4161)
+  * Fix some issues with special chars in branch names (#3767)
+  * Responsive design fixes (#4508)
+* TRANSLATION
+  * Fix punctuation in English translation (#4958)
+  * Fix translation (#4355)
+
+## [1.5.3](https://github.com/go-gitea/gitea/releases/tag/v1.5.3) - 2018-10-31
+* SECURITY
+  * Fix remote command execution vulnerability in upstream library (#5177) (#5196)
+
+## [1.5.2](https://github.com/go-gitea/gitea/releases/tag/v1.5.2) - 2018-10-09
+* SECURITY
+  * Enforce token on api routes (#4840) (#4905)
+* BUGFIXES
+  * Remove links from topics in edit mode (#5030)
+  * Detect charset and convert non UTF-8 files for display (#4950) (#4994)
+  * Fix layout of the topics editing form (#4971) (#4993)
+  * Fix null pointer dereference in ParseCommitWithSignature (#4964)
+  * Fix url in discord webhook (#4951)
+  * Fix font-cropping UI bug in diff (#4726) (#4929)
+  * Fix bug forget to remove Stopwatch when remove repository (#4933)
+  * Fix bug when repo remained bare if multiple branches pushed (#4927)
+  * Fix redirect with non-ascii branch names (#4764) (#4887)
+  * Fix issues api allow pulls (#4852) (#4862)
+  * Fix trimming of markup section names (#4864)
+
+## [1.5.1](https://github.com/go-gitea/gitea/releases/tag/v1.5.1) - 2018-09-03
+* SECURITY
+  * Don't disclose emails of all users when sending out emails (#4784)
+  * Improve URL validation for external wiki and external issues (#4710) (#4740)
+  * Make cookies HttpOnly and obey COOKIE_SECURE flag (#4706) (#4707)
+* BUGFIXES
+  * Fix missing release title in webhook (#4783) (#4800)
+  * Make sure to reset commit count in the cache on mirror syncing (#4770)
+  * Fixed bug where team with admin privelege type doesn't get any unit (#4759)
+  * Fix failure on creating pull request with assignees (#4583) (#4727)
+  * Hide org/create menu item in Dashboard if user has no rights (#4678) (#4686)
+* TRANSLATION
+  * Fix incorrect caption of webhook setting (#4701) (#4718)
+
+## [1.5.0](https://github.com/go-gitea/gitea/releases/tag/v1.5.0) - 2018-08-10
+* SECURITY
+  * Check that repositories can only be migrated to own user or organizations (#4366) (#4370)
   * Limit uploaded avatar image-size to 4096px x 3072px by default (#4353)
   * Do not allow to reuse TOTP passcode (#3878)
+* BUGFIXES
+  * Fix column droping for MSSQL that need new transaction for that (#4440) (#4484)
+  * Redirect to correct page after using scratch token (#4458) (#4472)
+  * Replace src with raw to fix image paths (#4377) (#4386)
+  * Fixes repo membership check in API (#4341) (#4379)
+  * Add default merge options when adding new repository (#4369) (#4373)
+  * Fix repository last updated time update when delete a user who watched the repo (#4363) (#4371)
+  * Fix html entity escaping in branch deletion message (#4471) (#4485)
+  * Fix out-of-transaction query in removeOrgUser (#4521) (#4524)
+  * Fix incorrect MergeWhitelistTeamIDs check in CanUserMerge function (#4519)
+  * Fix panic issue on update avatar email (#4580) (#4590)
+  * Fix bugs when too many IN variables (#4594) (#4597)
+  * Push whitelist now doesn't apply to branch deletion (#4601) (#4640)
+  * Site admin could create repos even MAX_CREATION_LIMIT=0 (#4645) (#4650)
 * FEATURE
   * Add cli commands to regen hooks & keys (#3979)
   * Add support for FIDO U2F (#3971)

CONTRIBUTING.md

@@ -16,6 +16,7 @@
   - [Maintainers](#maintainers)
   - [Owners](#owners)
   - [Versions](#versions)
+  - [Releasing Gitea](#releasing-gitea)
   - [Copyright](#copyright)
 
 ## Introduction
@@ -68,7 +69,7 @@ whole tree to make sure the changes don't break other usage
 and keep the compatibility on upgrade. To make sure you are
 running the test suite exactly like we do, you should install
 the CLI for [Drone CI](https://github.com/drone/drone), as
-we are using the server for continous testing, following [these
+we are using the server for continuous testing, following [these
 instructions](http://docs.drone.io/cli-installation/). After that,
 you can simply call `drone exec --local --build-event "pull_request"` within
 your working directory and it will try to run the test suite locally.
@@ -92,7 +93,7 @@ You can find more information on how to get started with it on the [dep project
 We do all translation work inside [Crowdin](https://crowdin.com/project/gitea).
 The only translation that is maintained in this git repository is
 [`en_US.ini`](https://github.com/go-gitea/gitea/blob/master/options/locale/locale_en-US.ini)
-and is synced regularily to Crowdin. Once a translation has reached
+and is synced regularly to Crowdin. Once a translation has reached
 A SATISFACTORY PERCENTAGE it will be synced back into this repo and
 included in the next released version.
 
@@ -256,6 +257,19 @@ in production, please download the latest release tag version. All the
 branches will be protected via GitHub, all the PRs to every branch must
 be reviewed by two maintainers and must pass the automatic tests.
 
+## Releasing Gitea
+
+* Let $vmaj, $vmin and $vpat be Major, Minor and Patch version numbers, $vpat should be rc1, rc2, 0, 1, ...... $vmaj.$vmin will be kept the same as milestones on github or gitea in future.
+* Before releasing, confirm all the version's milestone issues or PRs has been resolved. Then discuss the release on discord channel #maintainers and get agreed with almost all the owners and mergers. Or you can declare the version and if nobody against in about serval hours.
+* If this is a big version first you have to create PR for changelog on branch `master` with PRs with label `changelog` and after it has been merged do following steps:
+  * Create `-dev` tag as `git tag -s -F release.notes v$vmaj.$vmin.0-dev` and push the tag as `git push origin v$vmaj.$vmin.0-dev`.
+  * When CI has finished building tag then you have to create a new branch named `release/v$vmaj.$vmin`
+* If it is bugfix version create PR for changelog on branch `release/v$vmaj.$vmin` and wait till it is reviewed and merged.
+* Add a tag as `git tag -s -F release.notes v$vmaj.$vmin.$`, release.notes file could be a temporary file to only include the changelog this version which you added to `CHANGELOG.md`. 
+* And then push the tag as `git push origin v$vmaj.$vmin.$`. Drone CI will automatically created a release and upload all the compiled binary. (But currently it didn't add the release notes automatically. Maybe we should fix that.)
+* If needed send PR for changelog on branch `master`.
+* Send PR to [blog repository](https://github.com/go-gitea/blog) announcing the release.
+
 ## Copyright
 
 Code that you contribute should use the standard copyright header:

Dockerfile

@@ -58,3 +58,4 @@ CMD ["/bin/s6-svscan", "/etc/s6"]
 
 COPY docker /
 COPY --from=build-env /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
+RUN ln -s /app/gitea/gitea /usr/local/bin/gitea

Gopkg.toml

@@ -15,7 +15,7 @@ ignored = ["google.golang.org/appengine*"]
   name = "code.gitea.io/sdk"
 
 [[constraint]]
-  revision = "9f005a07e0d31d45e6656d241bb5c0f2efd4bc94"
+  revision = "12dd70caea0268ac0d6c2707d0611ef601e7c64e"
   name = "golang.org/x/crypto"
 
 [[constraint]]
@@ -30,15 +30,14 @@ ignored = ["google.golang.org/appengine*"]
   revision = "f2499483f923065a842d38eb4c7f1927e6fc6e6d"
   name = "golang.org/x/net"
 
-[[constraint]]
-  #version = "v1.0.0"
-  revision = "33197485abe227dcb254644cf5081c9a3c281669"
-  name = "github.com/pingcap/tidb"
-
 [[override]]
   name = "github.com/go-xorm/xorm"
   #version = "0.6.5"
-  revision = "d4149d1eee0c2c488a74a5863fd9caf13d60fd03"
+  revision = "ad69f7d8f0861a29438154bb0a20b60501298480"
+
+[[override]]
+  name = "github.com/go-sql-driver/mysql"
+  revision = "d523deb1b23d913de5bdada721a6071e71283618"
 
 [[override]]
   name = "github.com/gorilla/mux"
@@ -58,7 +57,7 @@ ignored = ["google.golang.org/appengine*"]
 
 [[constraint]]
   name = "github.com/markbates/goth"
-  version = "1.45.5"
+  version = "1.46.1"
 
 [[constraint]]
   branch = "master"

MAINTAINERS

@@ -22,5 +22,5 @@ Peter Žeby <morlinest@gmail.com> (@morlinest)
 Matti Ranta <matti@mdranta.net> (@techknowlogick)
 Michael Lustfield <mtecknology@debian.org> (@MTecknology)
 Jonas Franz <info@jonasfranz.software> (@JonasFranzDEV)
-Flynn Lufmons <fluf@warpmail.net> (@flufmonster)
 Alexey Terentyev <axifnx@gmail.com> (@axifive)
+Lanre Adelowo <yo@lanre.wtf> (@adelowo)

Makefile

@@ -21,7 +21,19 @@ GOFMT ?= gofmt -s
 GOFLAGS := -i -v
 EXTRA_GOFLAGS ?=
 
-LDFLAGS := -X "main.Version=$(shell git describe --tags --always | sed 's/-/+/' | sed 's/^v//')" -X "main.Tags=$(TAGS)"
+ifneq ($(DRONE_TAG),)
+	VERSION ?= $(subst v,,$(DRONE_TAG))
+	GITEA_VERSION := $(VERSION)
+else
+	ifneq ($(DRONE_BRANCH),)
+		VERSION ?= $(subst release/v,,$(DRONE_BRANCH))
+	else
+		VERSION ?= master
+	endif
+	GITEA_VERSION := $(shell git describe --tags --always | sed 's/-/+/' | sed 's/^v//')
+endif
+
+LDFLAGS := -X "main.Version=$(GITEA_VERSION)" -X "main.Tags=$(TAGS)"
 
 PACKAGES ?= $(filter-out code.gitea.io/gitea/integrations,$(shell $(GO) list ./... | grep -v /vendor/))
 SOURCES ?= $(shell find . -name "*.go" -type f)
@@ -30,6 +42,10 @@ TAGS ?=
 
 TMPDIR := $(shell mktemp -d 2>/dev/null || mktemp -d -t 'gitea-temp')
 
+SWAGGER_SPEC := templates/swagger/v1_json.tmpl
+SWAGGER_SPEC_S_TMPL := s|"basePath":\s*"/api/v1"|"basePath": "{{AppSubUrl}}/api/v1"|g
+SWAGGER_SPEC_S_JSON := s|"basePath":\s*"{{AppSubUrl}}/api/v1"|"basePath": "/api/v1"|g
+
 TEST_MYSQL_HOST ?= mysql:3306
 TEST_MYSQL_DBNAME ?= testgitea
 TEST_MYSQL_USERNAME ?= root
@@ -45,15 +61,8 @@ else
 	EXECUTABLE := gitea
 endif
 
-ifneq ($(DRONE_TAG),)
-	VERSION ?= $(subst v,,$(DRONE_TAG))
-else
-	ifneq ($(DRONE_BRANCH),)
-		VERSION ?= $(subst release/v,,$(DRONE_BRANCH))
-	else
-		VERSION ?= master
-	endif
-endif
+# $(call strip-suffix,filename)
+strip-suffix = $(firstword $(subst ., ,$(1)))
 
 .PHONY: all
 all: build
@@ -89,11 +98,12 @@ generate-swagger:
 	@hash swagger > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
 		$(GO) get -u github.com/go-swagger/go-swagger/cmd/swagger; \
 	fi
-	swagger generate spec -o ./public/swagger.v1.json
+	swagger generate spec -o './$(SWAGGER_SPEC)'
+	$(SED_INPLACE) '$(SWAGGER_SPEC_S_TMPL)' './$(SWAGGER_SPEC)'
 
 .PHONY: swagger-check
 swagger-check: generate-swagger
-	@diff=$$(git diff public/swagger.v1.json); \
+	@diff=$$(git diff '$(SWAGGER_SPEC)'); \
 	if [ -n "$$diff" ]; then \
 		echo "Please run 'make generate-swagger' and commit the result:"; \
 		echo "$${diff}"; \
@@ -105,7 +115,9 @@ swagger-validate:
 	@hash swagger > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
 		$(GO) get -u github.com/go-swagger/go-swagger/cmd/swagger; \
 	fi
-	swagger validate ./public/swagger.v1.json
+	$(SED_INPLACE) '$(SWAGGER_SPEC_S_JSON)' './$(SWAGGER_SPEC)'
+	swagger validate './$(SWAGGER_SPEC)'
+	$(SED_INPLACE) '$(SWAGGER_SPEC_S_TMPL)' './$(SWAGGER_SPEC)'
 
 .PHONY: errcheck
 errcheck:
@@ -117,7 +129,7 @@ errcheck:
 .PHONY: lint
 lint:
 	@hash golint > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		$(GO) get -u github.com/golang/lint/golint; \
+		$(GO) get -u golang.org/x/lint/golint; \
 	fi
 	for PKG in $(PACKAGES); do golint -set_exit_status $$PKG || exit 1; done;
 
@@ -301,7 +313,7 @@ public/js/index.js: $(JAVASCRIPTS)
 
 .PHONY: stylesheets-check
 stylesheets-check: generate-stylesheets
-	@diff=$$(git diff public/css/index.css); \
+	@diff=$$(git diff public/css/*); \
 	if [ -n "$$diff" ]; then \
 		echo "Please run 'make generate-stylesheets' and commit the result:"; \
 		echo "$${diff}"; \
@@ -311,6 +323,7 @@ stylesheets-check: generate-stylesheets
 .PHONY: generate-stylesheets
 generate-stylesheets:
 	node_modules/.bin/lessc --clean-css public/less/index.less public/css/index.css
+	$(foreach file, $(filter-out public/less/themes/_base.less, $(wildcard public/less/themes/*)),node_modules/.bin/lessc --clean-css public/less/themes/$(notdir $(file)) > public/css/theme-$(notdir $(call strip-suffix,$(file))).css;)
 
 .PHONY: swagger-ui
 swagger-ui:

README.md

@@ -29,7 +29,7 @@ This project has been
 
 From the root of the source tree, run:
 
-    make generate all
+    TAGS="bindata" make generate all
 
 More info: https://docs.gitea.io/en-us/install-from-source/
 
@@ -90,6 +90,10 @@ Support this project by becoming a sponsor. Your logo will show up here with a l
 
 Gitea is pronounced [/ɡɪ’ti:/](https://youtu.be/EM71-2uDAoY) as in "gi-tea" with a hard g.
 
+**Why is this not hosted on a Gitea instance?**
+
+We're [working on it](https://github.com/go-gitea/gitea/issues/1029).
+
 ## License
 
 This project is licensed under the MIT License.

README_ZH.md

@@ -11,16 +11,9 @@
 [![GitHub release](https://img.shields.io/github/release/go-gitea/gitea.svg)](https://github.com/go-gitea/gitea/releases/latest)
 [![Become a backer/sponsor of gitea](https://opencollective.com/gitea/tiers/backer/badge.svg?label=backer&color=brightgreen)](https://opencollective.com/gitea)
 
-| | | |
-|:---:|:---:|:---:|
-|![Dashboard](https://image.ibb.co/dms6DG/1.png)|![Repository](https://image.ibb.co/m6MSLw/2.png)|![Commits History](https://image.ibb.co/cjrSLw/3.png)|
-|![Branches](https://image.ibb.co/e6vbDG/4.png)|![Issues](https://image.ibb.co/bJTJSb/5.png)|![Pull Request View](https://image.ibb.co/e02dSb/6.png)|
-|![Releases](https://image.ibb.co/cUzgfw/7.png)|![Activity](https://image.ibb.co/eZgGDG/8.png)|![Wiki](https://image.ibb.co/dYV9YG/9.png)|
-|![Diff](https://image.ibb.co/ewA9YG/10.png)|![Organization](https://image.ibb.co/ceOwDG/11.png)|![Profile](https://image.ibb.co/c44Q7b/12.png)|
-
 ## 目标
 
-Gitea的首要目标是创建一个极易安装，运行非常快速，安装和使用体验良好的自建 Git 服务。我们采用Go作为后端语言，这使我们只要生成一个可执行程序即可。并且他还支持跨平台，支持 Linux, macOS 和 Windows 以及各种架构，除了x86，amd64，还包括 ARM 和 PowerPC。
+Gitea 的首要目标是创建一个极易安装，运行非常快速，安装和使用体验良好的自建 Git 服务。我们采用 Go 作为后端语言，这使我们只要生成一个可执行程序即可。并且他还支持跨平台，支持 Linux, macOS 和 Windows 以及各种架构，除了 x86，amd64，还包括 ARM 和 PowerPC。
 
 如果您想试用一下，请访问 [在线Demo](https://try.gitea.io/)！
 
@@ -47,3 +40,12 @@ Fork -> Patch -> Push -> Pull Request
 ## 授权许可
 
 本项目采用 MIT 开源授权许可证，完整的授权说明已放置在 [LICENSE](https://github.com/go-gitea/gitea/blob/master/LICENSE) 文件中。
+
+## 截图
+
+| | | |
+|:---:|:---:|:---:|
+|![Dashboard](https://image.ibb.co/dms6DG/1.png)|![Repository](https://image.ibb.co/m6MSLw/2.png)|![Commits History](https://image.ibb.co/cjrSLw/3.png)|
+|![Branches](https://image.ibb.co/e6vbDG/4.png)|![Issues](https://image.ibb.co/bJTJSb/5.png)|![Pull Request View](https://image.ibb.co/e02dSb/6.png)|
+|![Releases](https://image.ibb.co/cUzgfw/7.png)|![Activity](https://image.ibb.co/eZgGDG/8.png)|![Wiki](https://image.ibb.co/dYV9YG/9.png)|
+|![Diff](https://image.ibb.co/ewA9YG/10.png)|![Organization](https://image.ibb.co/ceOwDG/11.png)|![Profile](https://image.ibb.co/c44Q7b/12.png)|

cmd/admin.go

@@ -7,9 +7,12 @@ package cmd
 
 import (
 	"fmt"
+	"os"
+	"text/tabwriter"
 
 	"code.gitea.io/git"
 	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/auth/oauth2"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
 
@@ -26,6 +29,7 @@ var (
 			subcmdChangePassword,
 			subcmdRepoSyncReleases,
 			subcmdRegenerate,
+			subcmdAuth,
 		},
 	}
 
@@ -121,6 +125,121 @@ var (
 			},
 		},
 	}
+
+	subcmdAuth = cli.Command{
+		Name:  "auth",
+		Usage: "Modify external auth providers",
+		Subcommands: []cli.Command{
+			microcmdAuthAddOauth,
+			microcmdAuthUpdateOauth,
+			microcmdAuthList,
+			microcmdAuthDelete,
+		},
+	}
+
+	microcmdAuthList = cli.Command{
+		Name:   "list",
+		Usage:  "List auth sources",
+		Action: runListAuth,
+		Flags: []cli.Flag{
+			cli.StringFlag{
+				Name:  "config, c",
+				Value: "custom/conf/app.ini",
+				Usage: "Custom configuration file path",
+			},
+		},
+	}
+
+	idFlag = cli.Int64Flag{
+		Name:  "id",
+		Usage: "ID of OAuth authentication source",
+	}
+
+	microcmdAuthDelete = cli.Command{
+		Name:   "delete",
+		Usage:  "Delete specific auth source",
+		Action: runDeleteAuth,
+		Flags: []cli.Flag{
+			cli.StringFlag{
+				Name:  "config, c",
+				Value: "custom/conf/app.ini",
+				Usage: "Custom configuration file path",
+			},
+			idFlag,
+		},
+	}
+
+	oauthCLIFlags = []cli.Flag{
+		cli.StringFlag{
+			Name:  "config, c",
+			Value: "custom/conf/app.ini",
+			Usage: "Custom configuration file path",
+		},
+		cli.StringFlag{
+			Name:  "name",
+			Value: "",
+			Usage: "Application Name",
+		},
+		cli.StringFlag{
+			Name:  "provider",
+			Value: "",
+			Usage: "OAuth2 Provider",
+		},
+		cli.StringFlag{
+			Name:  "key",
+			Value: "",
+			Usage: "Client ID (Key)",
+		},
+		cli.StringFlag{
+			Name:  "secret",
+			Value: "",
+			Usage: "Client Secret",
+		},
+		cli.StringFlag{
+			Name:  "auto-discover-url",
+			Value: "",
+			Usage: "OpenID Connect Auto Discovery URL (only required when using OpenID Connect as provider)",
+		},
+		cli.StringFlag{
+			Name:  "use-custom-urls",
+			Value: "false",
+			Usage: "Use custom URLs for GitLab/GitHub OAuth endpoints",
+		},
+		cli.StringFlag{
+			Name:  "custom-auth-url",
+			Value: "",
+			Usage: "Use a custom Authorization URL (option for GitLab/GitHub)",
+		},
+		cli.StringFlag{
+			Name:  "custom-token-url",
+			Value: "",
+			Usage: "Use a custom Token URL (option for GitLab/GitHub)",
+		},
+		cli.StringFlag{
+			Name:  "custom-profile-url",
+			Value: "",
+			Usage: "Use a custom Profile URL (option for GitLab/GitHub)",
+		},
+		cli.StringFlag{
+			Name:  "custom-email-url",
+			Value: "",
+			Usage: "Use a custom Email URL (option for GitHub)",
+		},
+	}
+
+	microcmdAuthUpdateOauth = cli.Command{
+		Name:   "update-oauth",
+		Usage:  "Update existing Oauth authentication source",
+		Action: runUpdateOauth,
+		Flags:  append(oauthCLIFlags[:1], append([]cli.Flag{idFlag}, oauthCLIFlags[1:]...)...),
+	}
+
+	microcmdAuthAddOauth = cli.Command{
+		Name:   "add-oauth",
+		Usage:  "Add new Oauth authentication source",
+		Action: runAddOauth,
+		Flags:  oauthCLIFlags,
+	}
 )
 
 func runChangePassword(c *cli.Context) error {
@@ -262,3 +381,170 @@ func runRegenerateKeys(c *cli.Context) error {
 	}
 	return models.RewriteAllPublicKeys()
 }
+
+func parseOAuth2Config(c *cli.Context) *models.OAuth2Config {
+	var customURLMapping *oauth2.CustomURLMapping
+	if c.IsSet("use-custom-urls") {
+		customURLMapping = &oauth2.CustomURLMapping{
+			TokenURL:   c.String("custom-token-url"),
+			AuthURL:    c.String("custom-auth-url"),
+			ProfileURL: c.String("custom-profile-url"),
+			EmailURL:   c.String("custom-email-url"),
+		}
+	} else {
+		customURLMapping = nil
+	}
+	return &models.OAuth2Config{
+		Provider:                      c.String("provider"),
+		ClientID:                      c.String("key"),
+		ClientSecret:                  c.String("secret"),
+		OpenIDConnectAutoDiscoveryURL: c.String("auto-discover-url"),
+		CustomURLMapping:              customURLMapping,
+	}
+}
+
+func runAddOauth(c *cli.Context) error {
+	if c.IsSet("config") {
+		setting.CustomConf = c.String("config")
+	}
+
+	if err := initDB(); err != nil {
+		return err
+	}
+
+	if err := models.CreateLoginSource(&models.LoginSource{
+		Type:      models.LoginOAuth2,
+		Name:      c.String("name"),
+		IsActived: true,
+		Cfg:       parseOAuth2Config(c),
+	}); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func runUpdateOauth(c *cli.Context) error {
+	if c.IsSet("config") {
+		setting.CustomConf = c.String("config")
+	}
+
+	if !c.IsSet("id") {
+		return fmt.Errorf("--id flag is missing")
+	}
+
+	if err := initDB(); err != nil {
+		return err
+	}
+
+	source, err := models.GetLoginSourceByID(c.Int64("id"))
+	if err != nil {
+		return err
+	}
+
+	oAuth2Config := source.OAuth2()
+
+	if c.IsSet("name") {
+		source.Name = c.String("name")
+	}
+
+	if c.IsSet("provider") {
+		oAuth2Config.Provider = c.String("provider")
+	}
+
+	if c.IsSet("key") {
+		oAuth2Config.ClientID = c.String("key")
+	}
+
+	if c.IsSet("secret") {
+		oAuth2Config.ClientSecret = c.String("secret")
+	}
+
+	if c.IsSet("auto-discover-url") {
+		oAuth2Config.OpenIDConnectAutoDiscoveryURL = c.String("auto-discover-url")
+	}
+
+	// update custom URL mapping
+	var customURLMapping *oauth2.CustomURLMapping
+
+	if oAuth2Config.CustomURLMapping != nil {
+		customURLMapping.TokenURL = oAuth2Config.CustomURLMapping.TokenURL
+		customURLMapping.AuthURL = oAuth2Config.CustomURLMapping.AuthURL
+		customURLMapping.ProfileURL = oAuth2Config.CustomURLMapping.ProfileURL
+		customURLMapping.EmailURL = oAuth2Config.CustomURLMapping.EmailURL
+	}
+	if c.IsSet("use-custom-urls") && c.IsSet("custom-token-url") {
+		customURLMapping.TokenURL = c.String("custom-token-url")
+	}
+
+	if c.IsSet("use-custom-urls") && c.IsSet("custom-auth-url") {
+		customURLMapping.AuthURL = c.String("custom-auth-url")
+	}
+
+	if c.IsSet("use-custom-urls") && c.IsSet("custom-profile-url") {
+		customURLMapping.ProfileURL = c.String("custom-profile-url")
+	}
+
+	if c.IsSet("use-custom-urls") && c.IsSet("custom-email-url") {
+		customURLMapping.EmailURL = c.String("custom-email-url")
+	}
+
+	oAuth2Config.CustomURLMapping = customURLMapping
+	source.Cfg = oAuth2Config
+
+	if err := models.UpdateSource(source); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func runListAuth(c *cli.Context) error {
+	if c.IsSet("config") {
+		setting.CustomConf = c.String("config")
+	}
+
+	if err := initDB(); err != nil {
+		return err
+	}
+
+	loginSources, err := models.LoginSources()
+
+	if err != nil {
+		return err
+	}
+
+	// loop through each source and print
+	w := tabwriter.NewWriter(os.Stdout, 0, 0, 1, ' ', tabwriter.AlignRight)
+	fmt.Fprintf(w, "ID\tName\tType\tEnabled")
+	for _, source := range loginSources {
+		fmt.Fprintf(w, "%d\t%s\t%s\t%t", source.ID, source.Name, models.LoginNames[source.Type], source.IsActived)
+	}
+	w.Flush()
+
+	return nil
+}
+
+func runDeleteAuth(c *cli.Context) error {
+	if c.IsSet("config") {
+		setting.CustomConf = c.String("config")
+	}
+
+	if !c.IsSet("id") {
+		return fmt.Errorf("--id flag is missing")
+	}
+
+	if err := initDB(); err != nil {
+		return err
+	}
+
+	source, err := models.GetLoginSourceByID(c.Int64("id"))
+	if err != nil {
+		return err
+	}
+
+	if err = models.DeleteSource(source); err != nil {
+		return err
+	}
+	return nil
+}

cmd/hook.go

@@ -112,10 +112,15 @@ func runHookPreReceive(c *cli.Context) error {
 		branchName := strings.TrimPrefix(refFullName, git.BranchPrefix)
 		protectBranch, err := private.GetProtectedBranchBy(repoID, branchName)
 		if err != nil {
-			log.GitLogger.Fatal(2, "retrieve protected branches information failed")
+			fail("Internal error", fmt.Sprintf("retrieve protected branches information failed: %v", err))
 		}
 
 		if protectBranch != nil && protectBranch.IsProtected() {
+			// check and deletion
+			if newCommitID == git.EmptySHA {
+				fail(fmt.Sprintf("branch %s is protected from deletion", branchName), "")
+			}
+
 			// detect force push
 			if git.EmptySHA != oldCommitID {
 				output, err := git.NewCommand("rev-list", "--max-count=1", oldCommitID, "^"+newCommitID).RunInDir(repoPath)
@@ -126,17 +131,12 @@ func runHookPreReceive(c *cli.Context) error {
 				}
 			}
 
-			// check and deletion
-			if newCommitID == git.EmptySHA {
-				fail(fmt.Sprintf("branch %s is protected from deletion", branchName), "")
-			} else {
-				userID, _ := strconv.ParseInt(userIDStr, 10, 64)
-				canPush, err := private.CanUserPush(protectBranch.ID, userID)
-				if err != nil {
-					fail("Internal error", "Fail to detect user can push: %v", err)
-				} else if !canPush {
-					fail(fmt.Sprintf("protected branch %s can not be pushed to", branchName), "")
-				}
+			userID, _ := strconv.ParseInt(userIDStr, 10, 64)
+			canPush, err := private.CanUserPush(protectBranch.ID, userID)
+			if err != nil {
+				fail("Internal error", "Fail to detect user can push: %v", err)
+			} else if !canPush {
+				fail(fmt.Sprintf("protected branch %s can not be pushed to", branchName), "")
 			}
 		}
 	}

cmd/serv.go

@@ -16,6 +16,7 @@ import (
 
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/pprof"
 	"code.gitea.io/gitea/modules/private"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/util"
@@ -42,6 +43,9 @@ var CmdServ = cli.Command{
 			Value: "custom/conf/app.ini",
 			Usage: "Custom configuration file path",
 		},
+		cli.BoolFlag{
+			Name: "enable-pprof",
+		},
 	},
 }
 
@@ -143,6 +147,18 @@ func runServ(c *cli.Context) error {
 	username := strings.ToLower(rr[0])
 	reponame := strings.ToLower(strings.TrimSuffix(rr[1], ".git"))
 
+	if setting.EnablePprof || c.Bool("enable-pprof") {
+		if err := os.MkdirAll(setting.PprofDataPath, os.ModePerm); err != nil {
+			fail("Error while trying to create PPROF_DATA_PATH", "Error while trying to create PPROF_DATA_PATH: %v", err)
+		}
+
+		stopCPUProfiler := pprof.DumpCPUProfileForUsername(setting.PprofDataPath, username)
+		defer func() {
+			stopCPUProfiler()
+			pprof.DumpMemProfileForUsername(setting.PprofDataPath, username)
+		}()
+	}
+
 	isWiki := false
 	unitType := models.UnitTypeCode
 	if strings.HasSuffix(reponame, ".wiki") {

cmd/web.go

@@ -5,6 +5,7 @@
 package cmd
 
 import (
+	"crypto/tls"
 	"fmt"
 	"net"
 	"net/http"
@@ -22,6 +23,7 @@ import (
 	"github.com/Unknwon/com"
 	context2 "github.com/gorilla/context"
 	"github.com/urfave/cli"
+	"golang.org/x/crypto/acme/autocert"
 	ini "gopkg.in/ini.v1"
 )
 
@@ -71,6 +73,42 @@ func runHTTPRedirector() {
 	}
 }
 
+func runLetsEncrypt(listenAddr, domain, directory, email string, m http.Handler) error {
+	certManager := autocert.Manager{
+		Prompt:     autocert.AcceptTOS,
+		HostPolicy: autocert.HostWhitelist(domain),
+		Cache:      autocert.DirCache(directory),
+		Email:      email,
+	}
+	go func() {
+		log.Info("Running Let's Encrypt handler on %s", setting.HTTPAddr+":"+setting.PortToRedirect)
+		var err = http.ListenAndServe(setting.HTTPAddr+":"+setting.PortToRedirect, certManager.HTTPHandler(http.HandlerFunc(runLetsEncryptFallbackHandler))) // all traffic coming into HTTP will be redirect to HTTPS automatically (LE HTTP-01 validation happens here)
+		if err != nil {
+			log.Fatal(4, "Failed to start the Let's Encrypt handler on port %s: %v", setting.PortToRedirect, err)
+		}
+	}()
+	server := &http.Server{
+		Addr:    listenAddr,
+		Handler: m,
+		TLSConfig: &tls.Config{
+			GetCertificate: certManager.GetCertificate,
+		},
+	}
+	return server.ListenAndServeTLS("", "")
+}
+
+func runLetsEncryptFallbackHandler(w http.ResponseWriter, r *http.Request) {
+	if r.Method != "GET" && r.Method != "HEAD" {
+		http.Error(w, "Use HTTPS", http.StatusBadRequest)
+		return
+	}
+	// Remove the trailing slash at the end of setting.AppURL, the request
+	// URI always contains a leading slash, which would result in a double
+	// slash
+	target := strings.TrimRight(setting.AppURL, "/") + r.URL.RequestURI()
+	http.Redirect(w, r, target, http.StatusFound)
+}
+
 func runWeb(ctx *cli.Context) error {
 	if ctx.IsSet("config") {
 		setting.CustomConf = ctx.String("config")
@@ -143,6 +181,10 @@ func runWeb(ctx *cli.Context) error {
 	case setting.HTTP:
 		err = runHTTP(listenAddr, context2.ClearHandler(m))
 	case setting.HTTPS:
+		if setting.EnableLetsEncrypt {
+			err = runLetsEncrypt(listenAddr, setting.Domain, setting.LetsEncryptDirectory, setting.LetsEncryptEmail, context2.ClearHandler(m))
+			break
+		}
 		if setting.RedirectOtherPort {
 			go runHTTPRedirector()
 		}

custom/conf/app.ini.sample

@@ -60,6 +60,10 @@ FILE_MAX_SIZE = 3
 ; Max number of files per upload. Defaults to 5
 MAX_FILES = 5
 
+[repository.pull-request]
+; List of prefixes used in Pull Request title to mark them as Work In Progress
+WORK_IN_PROGRESS_PREFIXES=WIP:,[WIP]
+
 [ui]
 ; Number of repositories that are displayed on one explore page
 EXPLORE_PAGING_NUM = 20
@@ -67,6 +71,10 @@ EXPLORE_PAGING_NUM = 20
 ISSUE_PAGING_NUM = 10
 ; Number of maximum commits displayed in one activity feed
 FEED_MAX_COMMIT_NUM = 5
+; Number of maximum commits displayed in commit graph.
+GRAPH_MAX_COMMIT_NUM = 100
+; Number of line of codes shown for a code comment
+CODE_COMMENT_LINES = 4
 ; Value of `theme-color` meta tag, used by Android >= 5.0
 ; An invalid color like "none" or "disable" will have the default style
 ; More info: https://developers.google.com/web/updates/2014/11/Support-for-theme-color-in-Chrome-39-for-Android
@@ -75,13 +83,15 @@ THEME_COLOR_META_TAG = `#6cc644`
 MAX_DISPLAY_FILE_SIZE = 8388608
 ; Whether the email of the user should be shown in the Explore Users page
 SHOW_USER_EMAIL = true
+; Set the default theme for the Gitea install
+DEFAULT_THEME = gitea
 
 [ui.admin]
 ; Number of users that are displayed on one page
 USER_PAGING_NUM = 50
 ; Number of repos that are displayed on one page
 REPO_PAGING_NUM = 50
-; Number of notices that are displayed on in one page
+; Number of notices that are displayed on one page
 NOTICE_PAGING_NUM = 25
 ; Number of organizations that are displayed on one page
 ORG_PAGING_NUM = 50
@@ -181,6 +191,12 @@ STATIC_ROOT_PATH =
 APP_DATA_PATH = data
 ; Application level GZIP support
 ENABLE_GZIP = false
+; Application profiling (memory and cpu)
+; For "web" command it listens on localhost:6060
+; For "serve" command it dumps to disk at PPROF_DATA_PATH as (cpuprofile|memprofile)_<username>_<temporary id>
+ENABLE_PPROF = false
+; PPROF_DATA_PATH, use an absolute path when you start gitea as service
+PPROF_DATA_PATH = data/tmp/pprof
 ; Landing page, can be "home", "explore", or "organizations"
 LANDING_PAGE = home
 ; Enables git-lfs support. true or false, default is false.
@@ -207,9 +223,10 @@ NAME = gitea
 USER = root
 ; Use PASSWD = `your password` for quoting if you use special characters in the password.
 PASSWD =
-; For "postgres" only, either "disable", "require" or "verify-full"
+; For Postgres, either "disable" (default), "require", or "verify-full"
+; For MySQL, either "false" (default), "true", or "skip-verify"
 SSL_MODE = disable
-; For "sqlite3" and "tidb", use absolute path when you start gitea as service
+; For "sqlite3" and "tidb", use an absolute path when you start gitea as service
 PATH = data/gitea.db
 ; For "sqlite3" only. Query timeout
 SQLITE_TIMEOUT = 500
@@ -301,13 +318,22 @@ ENABLE_NOTIFY_MAIL = false
 ENABLE_REVERSE_PROXY_AUTHENTICATION = false
 ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false
 ; Enable captcha validation for registration
-ENABLE_CAPTCHA = true
+ENABLE_CAPTCHA = false
+; Type of captcha you want to use. Options: image, recaptcha
+CAPTCHA_TYPE = image
+; Enable recaptcha to use Google's recaptcha service
+; Go to https://www.google.com/recaptcha/admin to sign up for a key
+RECAPTCHA_SECRET  = 
+RECAPTCHA_SITEKEY = 
 ; Default value for KeepEmailPrivate
 ; Each new user will get the value of this setting copied into their profile
 DEFAULT_KEEP_EMAIL_PRIVATE = false
 ; Default value for AllowCreateOrganization
 ; Every new user will have rights set to create organizations depending on this setting
 DEFAULT_ALLOW_CREATE_ORGANIZATION = true
+; Default value for EnableDependencies
+; Repositories will use depencies by default depending on this setting
+DEFAULT_ENABLE_DEPENDENCIES = true
 ; Enable Timetracking
 ENABLE_TIMETRACKING = true
 ; Default value for EnableTimetracking
@@ -568,8 +594,8 @@ DEFAULT_INTERVAL = 8h
 MIN_INTERVAL = 10m
 
 [api]
-; Enables /api/swagger, /api/v1/swagger etc. endpoints. True or false; default is true.
-ENABLE_SWAGGER_ENDPOINT = true
+; Enables Swagger. True or false; default is true.
+ENABLE_SWAGGER = true
 ; Max number of items in a page
 MAX_RESPONSE_ITEMS = 50
 

docker/etc/ssh/sshd_config

@@ -29,4 +29,3 @@ AllowUsers git
 
 Banner none
 Subsystem sftp /usr/lib/ssh/sftp-server
-UsePrivilegeSeparation no

docker/etc/templates/app.ini

@@ -4,6 +4,9 @@ RUN_MODE = $RUN_MODE
 [repository]
 ROOT = /data/git/repositories
 
+[repository.local]
+LOCAL_COPY_PATH = /data/gitea/tmp/local-repo
+
 [repository.upload]
 TEMP_PATH = /data/gitea/uploads
 
@@ -14,6 +17,7 @@ HTTP_PORT        = $HTTP_PORT
 ROOT_URL         = $ROOT_URL
 DISABLE_SSH      = $DISABLE_SSH
 SSH_PORT         = $SSH_PORT
+LFS_CONTENT_PATH = /data/git/lfs
 
 [database]
 PATH = /data/gitea/gitea.db
@@ -23,6 +27,9 @@ NAME    = $DB_NAME
 USER    = $DB_USER
 PASSWD  = $DB_PASSWD
 
+[indexer]
+ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
+
 [session]
 PROVIDER_CONFIG = /data/gitea/sessions
 

docs/.gitignore

@@ -1,2 +1,3 @@
 public/
+templates/swagger/v1_json.tmpl
 themes/

docs/Dockerfile

@@ -1,22 +0,0 @@
-# build stage
-FROM golang:alpine AS build-env
-
-RUN apk add --no-cache git 
-RUN go get -d -v github.com/mholt/caddy/caddy github.com/pedronasser/caddy-search github.com/simia-tech/caddy-locale
-WORKDIR /go/src/github.com/mholt/caddy/caddy
-
-RUN sed -i '/This is where other plugins get plugged in (imported)/a _ "github.com/pedronasser/caddy-search"' caddymain/run.go \
- && sed -i '/This is where other plugins get plugged in (imported)/a _ "github.com/simia-tech/caddy-locale"' caddymain/run.go \
- && go install -v . \
- && /go/bin/caddy -version
-
-FROM alpine:edge
-EXPOSE 80
-
-RUN apk add --no-cache wget mailcap ca-certificates
-COPY --from=build-env /go/bin/caddy /usr/sbin/caddy
-
-COPY docker/caddy.conf /etc/caddy.conf
-COPY public /srv/www
-
-CMD ["/usr/sbin/caddy", "-conf", "/etc/caddy.conf"]

docs/config.yaml

@@ -31,7 +31,7 @@ menu:
       post: active
     - name: API
       url: https://try.gitea.io/api/swagger
-      weight: 25
+      weight: 45
       pre: plug
     - name: Blog
       url: https://blog.gitea.io/
@@ -79,7 +79,7 @@ languages:
           post: active
         - name: API
           url: https://try.gitea.io/api/swagger
-          weight: 25
+          weight: 45
           pre: plug
         - name: 博客
           url: https://blog.gitea.io/
@@ -122,7 +122,7 @@ languages:
           post: active
         - name: API
           url: https://try.gitea.io/api/swagger
-          weight: 25
+          weight: 45
           pre: plug
         - name: 部落格
           url: https://blog.gitea.io/
@@ -165,7 +165,7 @@ languages:
           post: active
         - name: API
           url: https://try.gitea.io/api/swagger
-          weight: 25
+          weight: 45
           pre: plug
         - name: Blog
           url: https://blog.gitea.io/
@@ -208,7 +208,7 @@ languages:
           post: active
         - name: API
           url: https://try.gitea.io/api/swagger
-          weight: 25
+          weight: 45
           pre: plug
         - name: Blog
           url: https://blog.gitea.io/
@@ -241,17 +241,17 @@ languages:
     menu:
       page:
         - name: Site
-          url: /fr-fr/
+          url: https://gitea.io/en-us/
           weight: 10
           pre: home
           post: active
         - name: Documentation
-          url: https://docs.gitea.io/fr-fr/
+          url: /fr-fr/
           weight: 20
           pre: question
         - name: API
           url: https://try.gitea.io/api/swagger
-          weight: 25
+          weight: 45
           pre: plug
         - name: Blog
           url: https://blog.gitea.io/

docs/content/doc/advanced/api-usage.en-us.md

@@ -73,3 +73,7 @@ using BasicAuth, as follows:
 $ curl --request GET --url https://yourusername:yourpassword@gitea.your.host/api/v1/users/yourusername/tokens
 [{"name":"test","sha1":"..."},{"name":"dev","sha1":"..."}]
 ```
+
+## Sudo
+
+The API allows admin users to sudo API requests as another user. Simply add either a `sudo=` parameter or `Sudo:` request header with the username of the user to sudo.

docs/content/doc/advanced/api-usage.zh-cn.md

@@ -0,0 +1,71 @@
+---
+date: "2018-06-24:00:00+02:00"
+title: "API 使用指南"
+slug: "api-usage"
+weight: 40
+toc: true
+draft: false
+menu:
+  sidebar:
+    parent: "advanced"
+    name: "API 使用指南"
+    weight: 40
+    identifier: "api-usage"
+---
+
+# Gitea API 使用指南
+
+## 开启/配置 API 访问
+
+通常情况下， `ENABLE_SWAGGER_ENDPOINT` 默认开启并且参数 `MAX_RESPONSE_ITEMS` 默认为 50。您可以从 [Config Cheat
+Sheet](https://docs.gitea.io/en-us/config-cheat-sheet/) 中获取更多配置相关信息。
+
+## 通过 API 认证
+
+Gitea 支持以下几种 API 认证方式：
+
+- HTTP basic authentication 方式
+- 通过指定 `token=...` URL 查询参数方式
+- 通过指定 `access_token=...` URL 查询参数方式
+- 通过指定 `Authorization: token ...` HTTP header 方式
+
+以上提及的认证方法接受相同的 apiKey token 类型，您可以在编码时通过查阅代码更好地理解这一点。
+Gitea 调用解析查询参数以及头部信息来获取 token 的代码可以在 [modules/auth/auth.go](https://github.com/go-gitea/gitea/blob/6efdcaed86565c91a3dc77631372a9cc45a58e89/modules/auth/auth.go#L47) 中找到。
+
+您可以通过您的 gitea web 界面来创建 apiKey token：
+`Settings | Applications | Generate New Token`.
+
+### 关于 `Authorization:` header
+
+由于一些历史原因，Gitea 需要在 header 的 apiKey token 里引入前缀 `token`，类似于如下形式：
+
+```
+Authorization: token 65eaa9c8ef52460d22a93307fe0aee76289dc675
+```
+
+以 `curl` 命令为例，它会以如下形式携带在请求中：
+
+```
+curl -X POST "http://localhost:4000/api/v1/repos/test1/test1/issues" \
+    -H "accept: application/json" \
+    -H "Authorization: token 65eaa9c8ef52460d22a93307fe0aee76289dc675" \
+    -H "Content-Type: application/json" -d "{ \"body\": \"testing\", \"title\": \"test 20\"}" -i
+```
+
+正如上例所示，您也可以在 GET 请求中使用同一个 token 并以 `token=` 的查询参数形式携带 token 来进行认证。
+
+## 通过 API 列出您发布的令牌
+
+`/users/:name/tokens` 是一个特殊的接口，需要您使用 basic authentication 进行认证，具体原因在 issue 中
+[#3842](https://github.com/go-gitea/gitea/issues/3842#issuecomment-397743346) 有所提及，使用方法如下所示：
+
+### 使用 Basic authentication 认证：
+
+```
+$ curl --request GET --url https://yourusername:yourpassword@gitea.your.host/api/v1/users/yourusername/tokens
+[{"name":"test","sha1":"..."},{"name":"dev","sha1":"..."}]
+```
+
+## 使用 Sudo 方式请求 API
+
+此 API 允许管理员借用其他用户身份进行 API 请求。只需在请求中指定查询参数 `sudo=` 或是指定 header 中的 `Sudo:` 为需要使用的用户 username 即可。

docs/content/doc/advanced/config-cheat-sheet.en-us.md

@@ -62,12 +62,18 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
    HTTP protocol.
 - `USE_COMPAT_SSH_URI`: **false**: Force ssh:// clone url instead of scp-style uri when
    default SSH port is used.
+   
+### Repository - Pull Request (`repository.pull-request`)
+- `WORK_IN_PROGRESS_PREFIXES`: **WIP:,\[WIP\]**: List of prefixes used in Pull Request
+ title to mark them as Work In Progress
 
 ## UI (`ui`)
 
 - `EXPLORE_PAGING_NUM`: **20**: Number of repositories that are shown in one explore page.
 - `ISSUE_PAGING_NUM`: **10**: Number of issues that are shown in one page (for all pages that list issues).
 - `FEED_MAX_COMMIT_NUM`: **5**: Number of maximum commits shown in one activity feed.
+- `GRAPH_MAX_COMMIT_NUM`: **100**: Number of maximum commits shown in the commit graph.
+- `DEFAULT_THEME`: **gitea**: \[gitea, arc-green\]: Set the default theme for the Gitea install.
 
 ### UI - Admin (`ui.admin`)
 
@@ -119,6 +125,11 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 - `REDIRECT_OTHER_PORT`: **false**: If true and `PROTOCOL` is https, redirects http requests
    on another (https) port.
 - `PORT_TO_REDIRECT`: **80**: Port used when `REDIRECT_OTHER_PORT` is true.
+- `ENABLE_LETSENCRYPT`: **false**: If enabled you must set `DOMAIN` to valid internet facing domain (ensure DNS is set and port 80 is accessible by letsencrypt validation server).
+   By using Lets Encrypt **you must consent** to their [terms of service](https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf).
+- `LETSENCRYPT_ACCEPTTOS`: **false**: This is an explicit check that you accept the terms of service for Let's Encrypt.
+- `LETSENCRYPT_DIRECTORY`: **https**: Directory that Letsencrypt will use to cache information such as certs and private keys.
+- `LETSENCRYPT_EMAIL`: **email@example.com**: Email used by Letsencrypt to notify about problems with issued certificates. (No default)
 
 ## Database (`database`)
 
@@ -127,7 +138,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 - `NAME`: **gitea**: Database name.
 - `USER`: **root**: Database username.
 - `PASSWD`: **\<empty\>**: Database user password. Use \`your password\` for quoting if you use special characters in the password.
-- `SSL_MODE`: **disable**: For PostgreSQL only.
+- `SSL_MODE`: **disable**: For PostgreSQL and MySQL only.
 - `PATH`: **data/gitea.db**: For SQLite3 only, the database file path.
 - `LOG_SQL`: **true**: Log the executed SQL.
 
@@ -177,7 +188,11 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 - `ENABLE_REVERSE_PROXY_AUTHENTICATION`: **false**: Enable this to allow reverse proxy authentication.
 - `ENABLE_REVERSE_PROXY_AUTO_REGISTRATION`: **false**: Enable this to allow auto-registration
    for reverse authentication.
-- `ENABLE_CAPTCHA`: **true**: Enable this to use captcha validation for registration.
+- `ENABLE_CAPTCHA`: **false**: Enable this to use captcha validation for registration.
+- `CAPTCHA_TYPE`: **image**: \[image, recaptcha\]
+- `RECAPTCHA_SECRET`: **""**: Go to https://www.google.com/recaptcha/admin to get a secret for recaptcha.
+- `RECAPTCHA_SITEKEY`: **""**: Go to https://www.google.com/recaptcha/admin to get a sitekey for recaptcha.
+- `DEFAULT_ENABLE_DEPENDENCIES`: **true** Enable this to have dependencies enabled by default.
 
 ## Webhook (`webhook`)
 
@@ -202,8 +217,8 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
    This is common on linux systems.
    - Note that enabling sendmail will ignore all other `mailer` settings except `ENABLED`,
      `FROM` and `SENDMAIL_PATH`.
-- `SENDMAIL_PATH`: **sendmail**: The location of sendmail on the operating system. (can be
-   command or full path)
+- `SENDMAIL_PATH`: **sendmail**: The location of sendmail on the operating system (can be
+   command or full path).
 
 ## Cache (`cache`)
 
@@ -227,7 +242,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
    `http://cn.gravatar.com/avatar/`.
 - `DISABLE_GRAVATAR`: **false**: Enable this to use local avatars only.
 - `ENABLE_FEDERATED_AVATAR`: **false**: Enable support for federated avatars (see
-   http://www.libravatar.org)
+   [http://www.libravatar.org](http://www.libravatar.org)).
 - `AVATAR_UPLOAD_PATH`: **data/avatars**: Path to store local and cached files.
 
 ## Attachment (`attachment`)
@@ -279,10 +294,17 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 - `MAX_GIT_DIFF_FILES`: **100**: Max number of files shown in diff view.
 - `GC_ARGS`: **\<empty\>**: Arguments for command `git gc`, e.g. `--aggressive --auto`.
 
+## Git - Timeout settings (`git.timeout`)
+- `MIGRATE`: **600**: Migrate external repositories timeout seconds.
+- `MIRROR`: **300**: Mirror external repositories timeout seconds.
+- `CLONE`: **300**: Git clone from internal repositories timeout seconds.
+- `PULL`: **300**: Git pull from internal repositories timeout seconds.
+- `GC`: **60**: Git repository GC timeout seconds.
+
 ## API (`api`)
  
 - `ENABLE_SWAGGER_ENDPOINT`: **true**: Enables /api/swagger, /api/v1/swagger etc. endpoints. True or false; default is true. 
-- `MAX_RESPONSE_ITEMS`: **50**: Max number of items in a page
+- `MAX_RESPONSE_ITEMS`: **50**: Max number of items in a page.
 
 ## i18n (`i18n`)
 

docs/content/doc/advanced/config-cheat-sheet.zh-cn.md

@@ -187,6 +187,13 @@ menu:
 - `MAX_GIT_DIFF_FILES`: 比较视图中的最大现实文件数目。
 - `GC_ARGS`: 执行 `git gc` 命令的参数, 比如： `--aggressive --auto`。
 
+## Git - 超时设置 (`git.timeout`)
+- `MIGRATE`: **600**: 迁移外部仓库时的超时时间，单位秒
+- `MIRROR`: **300**: 镜像外部仓库的超时时间，单位秒
+- `CLONE`: **300**: 内部仓库间克隆的超时时间，单位秒
+- `PULL`: **300**: 内部仓库间拉取的超时时间，单位秒
+- `GC`: **60**: git仓库GC的超时时间，单位秒
+
 ## markup (`markup`)
 
 外部渲染工具支持，你可以用你熟悉的文档渲染工具. 比如一下将新增一个名字为 `asciidoc` 的渲染工具which is followed `markup.` ini section. And there are some config items below.

docs/content/doc/advanced/customizing-gitea.en-us.md

@@ -59,7 +59,7 @@ to override can be found in the `templates` directory of Gitea source. Override
 making a copy of the file under `custom/templates` using a full path structure
 matching source.
 
-Any statement contained inside `{{` and `}}` are Gitea's templete syntax and
+Any statement contained inside `{{` and `}}` are Gitea's template syntax and
 shouldn't be touched without fully understanding these components.
 
 ### Adding links and tabs
@@ -91,3 +91,7 @@ Apart from `extra_links.tmpl` and `extra_tabs.tmpl`, there are other useful temp
 ## Customizing gitignores, labels, licenses, locales, and readmes.
 
 Place custom files in corresponding sub-folder under `custom/options`.
+
+## Customizing the look of Gitea
+
+Gitea has two built-in themes, the default theme `gitea`, and a dark theme `arc-green`. To change the look of your Gitea install change the value of `DEFAULT_THEME` in the [ui](https://docs.gitea.io/en-us/config-cheat-sheet/#ui-ui) section of `app.ini` to another one of the available options.

docs/content/doc/advanced/customizing-gitea.zh-cn.md

@@ -0,0 +1,88 @@
+---
+date: "2017-04-15T14:56:00+02:00"
+title: "自定义 Gitea 配置"
+slug: "customizing-gitea"
+weight: 9
+toc: false
+draft: false
+menu:
+  sidebar:
+    parent: "advanced"
+    name: "自定义 Gitea 配置"
+    weight: 9
+    identifier: "customizing-gitea"
+---
+
+# 自定义 Gitea 配置
+
+Gitea 引用 `custom` 目录中的自定义配置文件来覆盖配置、模板等默认配置。
+
+如果从二进制部署 Gitea ，则所有默认路径都将相对于该 gitea 二进制文件；如果从发行版安装，则可能会将这些路径修改为Linux文件系统标准。Gitea
+将会自动创建包括 `custom/` 在内的必要应用目录，应用本身的配置存放在
+`custom/conf/app.ini` 当中。在发行版中可能会以 `/etc/gitea/` 的形式为 `custom` 设置一个符号链接，查看配置详情请移步：
+
+- [快速备忘单](https://docs.gitea.io/en-us/config-cheat-sheet/)
+- [完整配置清单](https://github.com/go-gitea/gitea/blob/master/custom/conf/app.ini.sample)
+
+如果您在 binary 同目录下无法找到 `custom` 文件夹，请检查您的 `GITEA_CUSTOM`
+环境变量配置， 因为它可能被配置到了其他地方（可能被一些启动脚本设置指定了目录）。
+
+- [环境变量清单](https://docs.gitea.io/en-us/specific-variables/)
+
+**注：** 必须完全重启 Gitea 以使配置生效。
+
+## 使用自定义 /robots.txt
+
+将 [想要展示的内容](http://www.robotstxt.org/) 存放在 `custom` 目录中的
+`robots.txt` 文件来让 Gitea 使用自定义的`/robots.txt` （默认：空 404）。
+
+## 使用自定义的公共文件
+
+将自定义的公共文件（比如页面和图片）作为 webroot 放在 `custom/public/` 中来让 Gitea 提供这些自定义内容（符号链接将被追踪）。
+
+举例说明：`image.png` 存放在 `custom/public/`中，那么它可以通过链接 http://gitea.domain.tld/image.png 访问。
+
+## 修改默认头像
+
+替换以下目录中的 png 图片： `custom/public/img/avatar\_default.png`
+
+## 自定义 Gitea 页面
+
+您可以改变 Gitea `custom/templates` 的每个单页面。您可以在 Gitea 源码的 `templates` 目录中找到用于覆盖的模板文件，应用将根据
+`custom/templates` 目录下的路径结构进行匹配和覆盖。
+
+包含在 `{{` 和 `}}` 中的任何语句都是 Gitea 的模板语法，如果您不完全理解这些组件，不建议您对它们进行修改。
+
+### 添加链接和页签
+
+如果您只是想添加额外的链接到顶部导航栏或额外的选项卡到存储库视图，您可以将它们放在您 `custom/templates/custom/` 目录下的 `extra_links.tmpl` 和 `extra_tabs.tmpl` 文件中。
+
+举例说明：假设您在德国，必须添加着名的法律要求的“Impressum”用以罗列谁负责网站的内容页面，您只需将该页面放在您的
+"custom/public/"目录下（比如 `custom/public/impressum.html`）并且将它与 `custom/templates/custom/extra_links.tmpl` 链接起来即可。
+
+这个链接应当使用一个名为“item”的 class 来匹配当前样式，您可以使用 `{{AppSubUrl}}` 来获取 base URL:
+`<a class="item" href="{{AppSubUrl}}/impressum.html">Impressum</a>`
+
+同理，您可以将页签添加到 `extra_tabs.tmpl` 中，使用同样的方式来添加页签。它的具体样式需要与
+`templates/repo/header.tmpl` 中已有的其他选项卡的样式匹配
+([source in GitHub](https://github.com/go-gitea/gitea/blob/master/templates/repo/header.tmpl))
+
+### 页面的其他新增内容
+
+除了 `extra_links.tmpl` 和 `extra_tabs.tmpl`，您可以在您的 `custom/templates/custom/` 目录中存放一些其他有用的模板，例如：
+
+- `header.tmpl`，在 `<head>` 标记结束之前的模板，例如添加自定义CSS文件
+- `body_outer_pre.tmpl`，在 `<body>` 标记开始处的模板
+- `body_inner_pre.tmpl`，在顶部导航栏之前，但在主 container 内部的模板，例如添加一个 `<div class="full height">`
+- `body_inner_post.tmpl`，在主 container 结束处的模板
+- `body_outer_post.tmpl`，在底部 `<footer>` 元素之前.
+- `footer.tmpl`，在 `<body>` 标签结束处的模板，可以在这里填写一些附加的 Javascript 脚本。
+
+## 自定义 gitignores，labels， licenses， locales 以及 readmes
+
+将自定义文件放在 `custom/options` 下相应子的文件夹中即可
+
+## 更改 Gitea 外观
+
+Gitea 目前由两种内置主题，分别为默认 `gitea` 主题和深色主题 `arc-green`，您可以通过修改
+`app.ini` [ui](https://docs.gitea.io/en-us/config-cheat-sheet/#ui-ui) 部分的 `DEFAULT_THEME` 的值来变更至一个可用的 Gitea 外观。

docs/content/doc/advanced/hacking-on-gitea.zh-cn.md

@@ -17,7 +17,8 @@ menu:
 
 首先你需要一些运行环境，这和 [从源代码安装]({{< relref "from-source.zh-cn.md" >}}) 相同，如果你还没有设置好，可以先阅读那个章节。
 
-如果你想为 Gitea 贡献代码，你需要 Fork 这个项目并且以 `master` 为开发分支。Gitea使用Govendor来管理依赖，因此所有依赖项都被工具自动copy在vendor子目录下。用下面的命令来下载源码：
+如果你想为 Gitea 贡献代码，你需要 Fork 这个项目并且以 `master` 为开发分支。Gitea 使用 Govendor
+来管理依赖，因此所有依赖项都被工具自动 copy 在 vendor 子目录下。用下面的命令来下载源码：
 
 ```
 go get -d code.gitea.io/gitea
@@ -39,4 +40,4 @@ git fetch --all --prune
 
 然后你就可以开始开发了。你可以看一下 `Makefile` 的内容。`make test` 可以运行测试程序， `make build` 将生成一个 `gitea` 可运行文件在根目录。如果你的提交比较复杂，尽量多写一些单元测试代码。
 
-好了，到这里你已经设置好了所有的开发Gitea所需的环境。欢迎成为 Gitea 的 Contributor。
+好了，到这里你已经设置好了所有的开发 Gitea 所需的环境。欢迎成为 Gitea 的 Contributor。

docs/content/doc/advanced/make.zh-cn.md

@@ -0,0 +1,45 @@
+---
+date: "2017-01-14T11:00:00-02:00"
+title: "Make 安装"
+slug: "make"
+weight: 10
+toc: true
+draft: false
+menu:
+  sidebar:
+    parent: "advanced"
+    name: "Make 安装"
+    weight: 30
+    identifier: "make"
+---
+
+# 安装 Make
+
+Gitea 大量使用了 Make 工具来自动执行任务并改进开发，本文将介绍如何安装 Make。
+
+### 在 Linux 环境下
+
+可以使用包管理工具来安装 Make。
+
+Ubuntu/Debian 环境，执行以下命令：
+
+```bash
+sudo apt-get install make
+```
+
+Fedora/RHEL/CentOS，执行以下命令：
+
+```bash
+sudo yum install make
+```
+
+### 在 Windows 环境下
+
+您可以参照以下三种方案在 Windows 环境安装 Make：
+
+- 直接使用 [exe文件](http://www.equation.com/servlet/equation.cmd?fa=make)：将适合您系统的exe文件拷贝到某处并添加至环境变量 `PATH` 中。
+  - [32 位版本](ftp://ftp.equation.com/make/32/make.exe)
+  - [64 位版本](ftp://ftp.equation.com/make/64/make.exe)
+- 使用 [MinGW](http://www.mingw.org/) 工具：
+  - 此处使用二进制文件 `mingw32-make.exe` 替代前面提到的 `make.exe`文件。同样您需要将包含此exe文件的 `bin` 目录添加至环境变量 `PATH`中。
+- 通过 [Chocolatey](https://chocolatey.org/packages/make) 安装： 执行 `choco install make` 命令即可。

docs/content/doc/advanced/specific-variables.en-us.md

@@ -66,4 +66,3 @@ For documentation about each of the variables available, refer to the
 ## Miscellaneous
 
   * `SKIP_MINWINSVC`: If set to 1, do not run as a service on Windows.
-  * `ZOOKEEPER_PATH`: [Zookeeper](http://zookeeper.apache.org/) jar file path

docs/content/doc/advanced/specific-variables.zh-cn.md

@@ -0,0 +1,62 @@
+---
+date: "2017-04-08T11:34:00+02:00"
+title: "环境变量清单"
+slug: "specific-variables"
+weight: 20
+toc: false
+draft: false
+menu:
+  sidebar:
+    parent: "advanced"
+    name: "环境变量清单"
+    weight: 20
+    identifier: "specific-variables"
+---
+
+# 环境变量清单
+
+这里是用来控制 Gitea 行为表现的的环境变量清单，您需要在执行如下 Gitea 启动命令前设置它们来确保配置生效：
+
+```
+GITEA_CUSTOM=/home/gitea/custom ./gitea web
+```
+
+## Go 的配置
+
+因为 Gitea 使用 Go 语言编写，因此它使用了一些相关的 Go 的配置参数：
+
+  * `GOOS`
+  * `GOARCH`
+  * [`GOPATH`](https://golang.org/cmd/go/#hdr-GOPATH_environment_variable)
+
+您可以在[官方文档](https://golang.org/cmd/go/#hdr-Environment_variables)中查阅这些配置参数的详细信息。
+
+## Gitea 的文件目录
+
+  * `GITEA_WORK_DIR`：工作目录的绝对路径
+  * `GITEA_CUSTOM`：默认情况下 Gitea 使用默认目录 `GITEA_WORK_DIR`/custom，您可以使用这个参数来配置 *custom* 目录
+  * `GOGS_WORK_DIR`： 已废弃，请使用 `GITEA_WORK_DIR` 替代
+  * `GOGS_CUSTOM`： 已废弃，请使用 `GITEA_CUSTOM` 替代
+
+## 操作系统配置
+
+  * `USER`：Gitea 运行时使用的系统用户，它将作为一些 repository 的访问地址的一部分
+  * `USERNAME`： 如果没有配置 `USER`， Gitea 将使用 `USERNAME`
+  * `HOME`： 用户的 home 目录，在 Windows 中会使用 `USERPROFILE` 环境变量
+
+### 仅限于 Windows 的配置
+
+  * `USERPROFILE`： 用户的主目录，如果未配置则会使用 `HOMEDRIVE` + `HOMEPATH`
+  * `HOMEDRIVE`: 用于访问 home 目录的主驱动器路径（C盘）
+  * `HOMEPATH`：在指定主驱动器下的 home 目录相对路径
+
+## Macaron（Gitea 使用的 web 框架）
+
+  * `HOST`：Macaron 监听的主机地址
+  * `PORT`：Macaron 监听的端口地址
+  * `MACARON_ENV`：为开发环境和生产环境提供特殊功能性配置的全局变量，当 MACARON_ENV 设置为 "" 或 "development"
+  时，每次请求都会重编译页面模板。为了提高性能表现，可将它设置为 "production"。
+
+## Miscellaneous
+
+  * `SKIP_MINWINSVC`：如果设置为 1，在 Windows 上不会以 service 的形式运行。

docs/content/doc/features/comparison.en-us.md

@@ -37,6 +37,9 @@ _Symbols used in table:_
 | Multiple OS support | ✓ | ✓ | ✘ | ✘ | ✘ | ✘ | ✓ |
 | Easy upgrade process | ✓ | ✓ | ✘ | ✓ | ✓ | ✘ | ✓ |
 | Markdown support | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
+| Orgmode support | ✓ | ✘ | ✓ | ✘ | ✘ | ✘ | ? |
+| CSV support | ✓ | ✘ | ✓ | ✘ | ✘ | ✓ | ? |
+| Third-party render tool support | ✓ | ✘ | ✘ | ✘ | ✘ | ✓ | ? |
 | Static Git-powered pages | ✘ | ✘ | ✓ | ✓ | ✓ | ✘ | ✘ |
 | Integrated Git-powered wiki | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✘ |
 | Deploy Tokens | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
@@ -53,7 +56,7 @@ _Symbols used in table:_
 |---------|-------|------|-----------|-----------|-----------|-----------|--------------|
 | Repository topics | ✓ | ✘ | ✓ | ✓ | ✓ | ✘ | ✘ |
 | Repository code search | ✓ | ✘ | ✓ | ✓ | ✓ | ✓ | ✓ |
-| Global code search | ✓ | ✘ | ✓ | ✓ | ✓ | ✓ | ✓ |
+| Global code search | ✓ | ✘ | ✓ | ✘ | ✓ | ✓ | ✓ |
 | Git LFS 2.0 | ✓ | ✘ | ✓ | ✓ | ✓ | ⁄ | ✓ |
 | Group Milestones | ✘ | ✘ | ✘ | ✓ | ✓ | ✘ | ✘ |
 | Granular user roles (Code, Issues, Wiki etc) | ✓ | ✘ | ✘ | ✓ | ✓ | ✘ | ✘ |
@@ -74,7 +77,7 @@ _Symbols used in table:_
 | Issue templates | ✓ | ✓ | ✓ | ✓ | ✓ | ✘ | ✘ |
 | Labels | ✓ | ✓ | ✓ | ✓ | ✓ | ✘ | ✘ |
 | Time tracking | ✓ | ✘ | ✓ | ✓ | ✓ | ✘ | ✘ |
-| Multiple assignees for issues | ✓ | ✘ | ✓ | ✓ | ✓ | ✘ | ✘ |
+| Multiple assignees for issues | ✓ | ✘ | ✓ | ✘ | ✓ | ✘ | ✘ |
 | Related issues | ✘ | ✘ | ⁄ | ✘ | ✓ | ✘ | ✘ |
 | Confidential issues | ✘ | ✘ | ✘ | ✓ | ✓ | ✘ | ✘ |
 | Comment reactions | ✓ | ✘ | ✓ | ✓ | ✓ | ✘ | ✘ |
@@ -84,6 +87,7 @@ _Symbols used in table:_
 | Create new branches from issues | ✘ | ✘ | ✘ | ✓ | ✓ | ✘ | ✘ |
 | Issue search | ✓ | ✘ | ✓ | ✓ | ✓ | ✓ | ✘ |
 | Global issue search | ✘ | ✘ | ✓ | ✓ | ✓ | ✓ | ✘ |
+| Issue dependency | ✓ | ✘ | ✘ | ✘ | ✘ | ✘ | ✘ |
 
 #### Pull/Merge requests
 
@@ -92,8 +96,8 @@ _Symbols used in table:_
 | Pull/Merge requests | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
 | Squash merging | ✓ | ✘ | ✓ | ✘ | ✓ | ✓ | ✓ |
 | Rebase merging | ✓ | ✓ | ✓ | ✘ | ⁄ | ✘ | ✓ |
-| Pull/Merge request inline comments | ✘ | ✘ | ✓ | ✓ | ✓ | ✓ | ✓ |
-| Pull/Merge request approval | ✘ | ✘ | ⁄ | ✓ | ✓ | ✓ | ✓ |
+| Pull/Merge request inline comments | ✓ | ✘ | ✓ | ✓ | ✓ | ✓ | ✓ |
+| Pull/Merge request approval | ✓ | ✘ | ⁄ | ✓ | ✓ | ✓ | ✓ |
 | Merge conflict resolution | ✘ | ✘ | ✓ | ✓ | ✓ | ✓ | ✘ |
 | Restrict push and merge access to certain users | ✓ | ✘ | ✓ | ⁄ | ✓ | ✓ | ✓ |
 | Revert specific commits or a merge request | ✘ | ✘ | ✓ | ✓ | ✓ | ✓ | ✘ |

docs/content/doc/installation/from-binary.en-us.md

@@ -21,10 +21,18 @@ the destination platform from the [downloads page](https://dl.gitea.io/gitea), c
 the URL and replace the URL within the commands below:
 
 ```sh
-wget -O gitea https://dl.gitea.io/gitea/1.4.2/gitea-1.4.2-linux-amd64
+wget -O gitea https://dl.gitea.io/gitea/1.5.0/gitea-1.5.0-linux-amd64
 chmod +x gitea
 ```
 
+## Verify GPG signature
+Gitea signs all binaries with a [GPG key](https://pgp.mit.edu/pks/lookup?op=vindex&fingerprint=on&search=0x2D9AE806EC1592E2) to prevent against unwanted modification of binaries. To validate the binary download the signature file which ends in `.asc` for the binary you downloaded and use the gpg command line tool.
+
+```sh
+gpg --keyserver pgp.mit.edu --recv 0x2D9AE806EC1592E2
+gpg --verify gitea-1.5.0-linux-amd64.asc gitea-1.5.0-linux-amd64
+```
+
 ## Test
 
 After getting a binary, it can be tested with `./gitea web` or moved to a permanent
@@ -82,6 +90,20 @@ cp gitea /usr/local/bin/gitea
 
 See how to create [Linux service]({{< relref "run-as-service-in-ubuntu.en-us.md" >}})
 
+## Updating to a new version
+
+You can update to a new version of gitea by stopping gitea, replacing the binary at `/usr/local/bin/gitea` and restarting the instance. 
+The binary file name should not be changed during the update to avoid problems 
+in existing repositories. 
+
+It is recommended you do a [backup]({{< relref "doc/usage/backup-and-restore.en-us.md" >}}) before updating your installation.
+
+If you have carried out the installation steps as described above, the binary should 
+have the generic name `gitea`. Do not change this, i.e. to include the version number. 
+
+See below for troubleshooting instructions to repair broken repositories after 
+an update of your gitea version.
+
 ## Troubleshooting
 
 ### Old glibc versions
@@ -99,3 +121,25 @@ For errors like `702 runWeb()] [E] Failed to start server: listen tcp 0.0.0.0:30
 bind: address already in use` gitea needs to be started on another free port. This
 is possible using `./gitea web -p $PORT`. It's possible another instance of gitea
 is already running.
+
+### Git error after updating to a new version of gitea
+
+If the binary file name has been changed during the update to a new version of gitea, 
+git hooks in existing repositories will not work any more. In that case, a git 
+error will be displayed when pushing to the repository.
+
+```
+remote: ./hooks/pre-receive.d/gitea: line 2: [...]: No such file or directory
+```
+
+The `[...]` part of the error message will contain the path to your previous gitea 
+binary.
+
+To solve this, go to the admin options and run the task `Resynchronize pre-receive, 
+update and post-receive hooks of all repositories` to update all hooks to contain
+the new binary path. Please note that this overwrite all git hooks including ones
+with customizations made.
+
+If you aren't using the built-in to Gitea ssh server you will also need to re-write
+the authorized key file by running the `Update the '.ssh/authorized_keys' file with
+Gitea SSH keys.` task in the admin options.

docs/content/doc/installation/from-package.en-us.md

@@ -64,3 +64,16 @@ bundled templates, options, plugins and themes are in `/usr/local/share/gitea`,
 is in `/usr/local/etc/rc.d/gitea`.
 
 To enable Gitea to run as a service, run `sysrc gitea_enable=YES` and start it with `service gitea start`.
+
+## Cloudron
+
+Gitea is available as a 1-click install on [Cloudron](https://cloudron.io). For those unaware,
+Cloudron makes it easy to run apps like Gitea on your server and keep them up-to-date and secure.
+
+[![Install](https://cloudron.io/img/button.svg)](https://cloudron.io/button.html?app=io.gitea.cloudronapp)
+
+The Gitea package is maintained [here](https://git.cloudron.io/cloudron/gitea-app).
+
+There is a [demo instance](https://my-demo.cloudron.me) (username: cloudron password: cloudron) where
+you can experiment with running Gitea.
+

docs/content/doc/installation/with-docker.en-us.md

@@ -30,6 +30,8 @@ image as a service. Since there is no database available one can be initialized
 Create a directory like `gitea` and paste the following content into a file named `docker-compose.yml`.
 Note that the volume should be owned by the user/group with the UID/GID specified in the config file.
 If you don't give the volume correct permissions, the container may not start.
+Also be aware that the tag `:latest` will install the current development version.
+For a stable release you can use `:1` or specify a certain release like `:1.5.1`.
 
 ```yaml
 version: "2"
@@ -103,6 +105,11 @@ services:
     environment:
       - USER_UID=1000
       - USER_GID=1000
++      - DB_TYPE=mysql
++      - DB_HOST=db:3306
++      - DB_NAME=gitea
++      - DB_USER=gitea
++      - DB_PASSWD=gitea
     restart: always
     networks:
       - gitea
@@ -146,6 +153,11 @@ services:
     environment:
       - USER_UID=1000
       - USER_GID=1000
++      - DB_TYPE=postgres
++      - DB_HOST=db:5432
++      - DB_NAME=gitea
++      - DB_USER=gitea
++      - DB_PASSWD=gitea
     restart: always
     networks:
       - gitea

docs/content/doc/upgrade/from-gogs.en-us.md

@@ -33,50 +33,53 @@ There are some basic steps to follow. On a Linux system run as the Gogs user:
 * Enter Gitea admin panel on the UI, run `Rewrite '.ssh/authorized_keys' file`.
 * If custom or config path was changed, run `Rewrite all update hook of repositories`.
 
-### Change gogs specific information:
+## Change gogs specific information
 
 * Rename `gogs-repositories/` to `gitea-repositories/`
 * Rename `gogs-data/` to `gitea-data/`
 * In `gitea/custom/conf/app.ini` change:
 
-### Upgrading to most recent `gitea` version:
+  FROM:
+
+  ```ini
+  [database]
+  PATH = /home/:USER/gogs/data/:DATABASE.db
+  [attachment]
+  PATH = /home/:USER/gogs-data/attachments
+  [picture]
+  AVATAR_UPLOAD_PATH = /home/:USER/gogs-data/avatars
+  [log]
+  ROOT_PATH = /home/:USER/gogs/log
+  ```
+
+  TO:
+
+  ```ini
+  [database]
+  PATH = /home/:USER/gitea/data/:DATABASE.db
+  [attachment]
+  PATH = /home/:USER/gitea-data/attachments
+  [picture]
+  AVATAR_UPLOAD_PATH = /home/:USER/gitea-data/avatars
+  [log]
+  ROOT_PATH = /home/:USER/gitea/log
+  ```
+
+* Verify by starting Gitea with `gitea web`
+
+## Upgrading to most recent `gitea` version
+
 After successful migration from `gogs` to `gitea 1.0.x` it is possible to upgrade to the recent `gitea` version.
 Simply download the file matching the destination platform from the [downloads page](https://dl.gitea.io/gitea)
 and replace the binary.
 
-FROM:
-```
-[database]
-PATH = /home/:USER/gogs/data/:DATABASE.db
-[attachment]
-PATH = /home/:USER/gogs-data/attachments
-[picture]
-AVATAR_UPLOAD_PATH = /home/:USER/gogs-data/avatars
-[log]
-ROOT_PATH = /home/:USER/gogs/log
-```
-
-TO:
-```
-[database]
-PATH = /home/:USER/gitea/data/:DATABASE.db
-[attachment]
-PATH = /home/:USER/gitea-data/attachments
-[picture]
-AVATAR_UPLOAD_PATH = /home/:USER/gitea-data/avatars
-[log]
-ROOT_PATH = /home/:USER/gitea/log
-```
-
-* Verify by starting Gitea with `gitea web`
-
-### Troubleshooting
+## Troubleshooting
 
 * If errors are encountered relating to custom templates in the `gitea/custom/templates`
   folder, try moving the templates causing the errors away one by one. They may not be
   compatible with Gitea or an update.
 
-### Add Gitea to startup on Unix
+## Add Gitea to startup on Unix
 
 Update the appropriate file from [gitea/contrib](https://github.com/go-gitea/gitea/tree/master/contrib)
 with the right environment variables.

docs/content/doc/upgrade/from-gogs.fr-fr.md

@@ -19,7 +19,7 @@ menu:
 
 Veuillez suivre les étapes ci-dessous. Sur Unix, toute les commandes s'exécutent en tant que l'utilisateur utilisé pour votre installation de Gogs :
 
-* Crééer une sauvegarde de Gogs avec la commande `gogs dump`. Le fichier nouvellement créé `gogs-dump-[timestamp].zip` contient toutes les données de votre instance de Gogs. 
+* Crééer une sauvegarde de Gogs avec la commande `gogs dump`. Le fichier nouvellement créé `gogs-dump-[timestamp].zip` contient toutes les données de votre instance de Gogs.
 * Téléchargez le fichier correspondant à votre plateforme à partir de la [page de téléchargements](https://dl.gitea.io/gitea).
 * Mettez la binaire dans le répertoire d'installation souhaité.
 * Copiez le fichier `gogs/custom/conf/app.ini` vers `gitea/custom/conf/app.ini`.
@@ -29,43 +29,45 @@ Veuillez suivre les étapes ci-dessous. Sur Unix, toute les commandes s'exécute
 * Vérifiez votre installation en exécutant Gitea avec la commande `gitea web`.
 * Connectez vous au panel d'administration de Gitea et exécutez l'action `Rewrite '.ssh/authorized_keys' file`, puis l'action `Rewrite all update hook of repositories` (obligatoire si le chemin menant à votre configuration personnalisée à changé).
 
-### Modifier les informations spécifiques de gogs
+## Modifier les informations spécifiques de gogs
 
 * Renommez `gogs-repositories/` vers `gitea-repositories/`
 * Renommez `gogs-data/` to `gitea-data/`
 * Dans votre fichier `gitea/custom/conf/app.ini`, modifiez les éléments suivants:
 
-DE :
-```
-[database]
-PATH = /home/:USER/gogs/data/:DATABASE.db
-[attachment]
-PATH = /home/:USER/gogs-data/attachments
-[picture]
-AVATAR_UPLOAD_PATH = /home/:USER/gogs-data/avatars
-[log]
-ROOT_PATH = /home/:USER/gogs/log
-```
+  DE :
 
-VERS :
-```
-[database]
-PATH = /home/:USER/gitea/data/:DATABASE.db
-[attachment]
-PATH = /home/:USER/gitea-data/attachments
-[picture]
-AVATAR_UPLOAD_PATH = /home/:USER/gitea-data/avatars
-[log]
-ROOT_PATH = /home/:USER/gitea/log
-```
+  ```ini
+  [database]
+  PATH = /home/:USER/gogs/data/:DATABASE.db
+  [attachment]
+  PATH = /home/:USER/gogs-data/attachments
+  [picture]
+  AVATAR_UPLOAD_PATH = /home/:USER/gogs-data/avatars
+  [log]
+  ROOT_PATH = /home/:USER/gogs/log
+  ```
+
+  VERS :
+
+  ```ini
+  [database]
+  PATH = /home/:USER/gitea/data/:DATABASE.db
+  [attachment]
+  PATH = /home/:USER/gitea-data/attachments
+  [picture]
+  AVATAR_UPLOAD_PATH = /home/:USER/gitea-data/avatars
+  [log]
+  ROOT_PATH = /home/:USER/gitea/log
+  ```
 
 * Vérifiez votre installation en exécutant Gitea avec la commande `gitea web`.
 
-### Dépannage
+## Dépannage
 
 * Si vous rencontrez des erreurs relatives à des modèles personnalisés dans le dossier `gitea/custom/templates`, essayez de déplacer un par un les modèles provoquant les erreurs. Il est possible qu'ils ne soient pas compatibles avec Gitea.
 
-### Démarrer automatiquement Gitea (Unix)
+## Démarrer automatiquement Gitea (Unix)
 
 Distributions utilisant systemd:
 

docs/content/doc/usage.zh-cn.md

@@ -0,0 +1,13 @@
+---
+date: "2016-12-27T16:00:00+02:00"
+title: "使用指南"
+slug: "usage"
+weight: 35
+toc: false
+draft: false
+menu:
+  sidebar:
+    name: "使用指南"
+    weight: 35
+    identifier: "usage"
+---

docs/content/doc/usage/backup-and-restore.zh-cn.md

@@ -1,6 +1,6 @@
 ---
 date: "2018-06-06T09:33:00+08:00"
-title: "使用: 备份与恢复"
+title: "使用：备份与恢复"
 slug: "backup-and-restore"
 weight: 11
 toc: true

docs/content/doc/usage/command-line.md

@@ -72,6 +72,50 @@ Admin operations:
         - Examples:
             - `gitea admin regenerate hooks`
             - `gitea admin regenerate keys`
+    - `auth`:
+        - `list`:
+            - Description: lists all external authentication sources that exist
+            - Options:
+                - `--config path`: Gitea configuration file path. Optional. (default: custom/conf/app.ini).
+            - Examples:
+                - `gitea auth list`
+        - `delete`:
+            - Options:
+                - `--id`: ID of source to be deleted. Required.
+                - `--config path`: Gitea configuration file path. Optional. (default: custom/conf/app.ini).
+            - Examples:
+                - `gitea auth delete --id 1`
+        - `add-oauth`:
+            - Options:
+                - `--config path`: Gitea configuration file path. Optional. (default: custom/conf/app.ini).
+                - `--name`: Application Name.
+                - `--provider`: OAuth2 Provider.
+                - `--key`: Client ID (Key).
+                - `--secret`: Client Secret.
+                - `--auto-discover-url`: OpenID Connect Auto Discovery URL (only required when using OpenID Connect as provider).
+                - `--use-custom-urls`: Use custom URLs for GitLab/GitHub OAuth endpoints.
+                - `--custom-auth-url`: Use a custom Authorization URL (option for GitLab/GitHub).
+                - `--custom-token-url`: Use a custom Token URL (option for GitLab/GitHub).
+                - `--custom-profile-url`: Use a custom Profile URL (option for GitLab/GitHub).
+                - `--custom-email-url`: Use a custom Email URL (option for GitHub).
+            - Examples:
+                - `gitea auth add-oauth --name external-github --provider github --key OBTAIN_FROM_SOURCE --secret OBTAIN_FROM_SOURCE`
+        - `update-oauth`:
+            - Options:
+                - `--id`: ID of source to be updated. Required.
+                - `--config path`: Gitea configuration file path. Optional. (default: custom/conf/app.ini).
+                - `--name`: Application Name.
+                - `--provider`: OAuth2 Provider.
+                - `--key`: Client ID (Key).
+                - `--secret`: Client Secret.
+                - `--auto-discover-url`: OpenID Connect Auto Discovery URL (only required when using OpenID Connect as provider).
+                - `--use-custom-urls`: Use custom URLs for GitLab/GitHub OAuth endpoints.
+                - `--custom-auth-url`: Use a custom Authorization URL (option for GitLab/GitHub).
+                - `--custom-token-url`: Use a custom Token URL (option for GitLab/GitHub).
+                - `--custom-profile-url`: Use a custom Profile URL (option for GitLab/GitHub).
+                - `--custom-email-url`: Use a custom Email URL (option for GitHub).
+            - Examples:
+                - `gitea auth update-oauth --id 1 --name external-github-updated`
 
 #### cert
 

docs/content/doc/usage/https-support.md

@@ -32,6 +32,24 @@ KEY_FILE = key.pem
 ```
 To learn more about the config values, please checkout the [Config Cheat Sheet](../config-cheat-sheet#server).
 
+## Using Let's Encrypt
+
+[Let's Encrypt](https://letsencrypt.org/) is a Certificate Authority that allows you to automatically request and renew SSL/TLS certificates. In addition to starting Gitea on your configured port, to request HTTPS certificates Gitea will also need to listed on port 80, and will set up an autoredirect to HTTPS for you. Let's Encrypt will need to be able to access Gitea via the Internet to verify your ownership of the domain.
+
+By using Lets Encrypt **you must consent** to their [terms of service](https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf)
+
+```ini
+[server]
+PROTOCOL=https
+DOMAIN=git.example.com
+ENABLE_LETSENCRYPT=true
+LETSENCRYPT_ACCEPTTOS=true
+LETSENCRYPT_DIRECTORY=https
+LETSENCRYPT_EMAIL=email@example.com
+```
+
+To learn more about the config values, please checkout the [Config Cheat Sheet](../config-cheat-sheet#server).
+
 ## Using reverse proxy
 
 Setup up your reverse proxy like shown in the [reverse proxy guide](../reverse-proxies).

docs/content/doc/usage/issue-pull-request-templates.zh-cn.md

@@ -0,0 +1,37 @@
+---
+date: "2018-05-10T16:00:00+02:00"
+title: "使用：Issue 和 Pull Request 模板"
+slug: "issue-pull-request-templates"
+weight: 15
+toc: true
+draft: false
+menu:
+  sidebar:
+    parent: "usage"
+    name: "Issue 和 Pull Request 模板"
+    weight: 15
+    identifier: "issue-pull-request-templates"
+---
+
+# 使用 Issue 和 Pull Request 模板
+
+对于一些项目，在创建 issue 或 pull request 时有一个标准的询问列表需要提交者填写。Gitea 支持添加此类模板至 repository 的主分支，以便提交者在创建 issue 或 pull request 时可以自动生成一个需要完成的表单，这么做可以减少一些前期关于 issue 抑或 pull request 细节上的沟通成本。
+
+以下罗列了一些可供参考的 issue 模板:
+
+* ISSUE_TEMPLATE.md
+* issue_template.md
+* .gitea/ISSUE_TEMPLATE.md
+* .gitea/issue_template.md
+* .github/ISSUE_TEMPLATE.md
+* .github/issue_template.md
+
+
+以下罗列了一些可供参考的 PR 模板:
+
+* PULL_REQUEST_TEMPLATE.md
+* pull_request_template.md
+* .gitea/PULL_REQUEST_TEMPLATE.md
+* .gitea/pull_request_template.md
+* .github/PULL_REQUEST_TEMPLATE.md
+* .github/pull_request_template.md

docs/content/doc/usage/pull-request.en-us.md

@@ -0,0 +1,31 @@
+---
+date: "2018-06-01T19:00:00+02:00"
+title: "Usage: Pull Request"
+slug: "pull-request"
+weight: 13
+toc: true
+draft: false
+menu:
+  sidebar:
+    parent: "usage"
+    name: "Pull Request"
+    weight: 13
+    identifier: "pull-request"
+---
+
+# Pull Request
+
+## "Work In Progress" pull requests
+
+Marking a pull request as being a work in progress will prevent that pull request from being accidentally merged. To mark a pull request as being a work in progress, you must prefix its title by `WIP:` or `[WIP]` (case insensitive). Those values are configurable in your `app.ini` file :
+
+```
+[repository.pull-request]
+WORK_IN_PROGRESS_PREFIXES=WIP:,[WIP]
+```
+
+The first value of the list will be used in helpers.
+
+## Pull Request Templates
+
+You can find more information about pull request templates in the dedicated page : [Issue and Pull Request templates](../issue-pull-request-templates)

docs/content/doc/usage/pull-request.zh-cn.md

@@ -0,0 +1,31 @@
+---
+date: "2018-06-01T19:00:00+02:00"
+title: "使用：Pull Request"
+slug: "pull-request"
+weight: 13
+toc: true
+draft: false
+menu:
+  sidebar:
+    parent: "usage"
+    name: "Pull Request"
+    weight: 13
+    identifier: "pull-request"
+---
+
+# Pull Request
+
+## 在 pull requests 使用“Work In Progress”标记
+
+您可以通过在一个进行中的 pull request 的标题上添加前缀 `WIP:` 或者 `[WIP]`（此处大小写敏感）来防止它被意外合并，具体的前缀设置可以在配置文件 `app.ini` 中找到：
+
+```
+[repository.pull-request]
+WORK_IN_PROGRESS_PREFIXES=WIP:,[WIP]
+```
+
+列表的第一个值将用于 helpers 程序。
+
+## Pull Request 模板
+
+有关 pull request 模板的更多信息请您移步 : [Issue and Pull Request templates](../issue-pull-request-templates)

docs/content/doc/usage/reverse-proxies.en-us.md

@@ -81,7 +81,7 @@ Then set `[server] ROOT_URL = http://git.example.com/git/` in your configuration
 
 Note: The following Apache HTTPD mods must be enabled: `proxy`, `proxy_http`
 
-## Using Caddy with a Sub-path as a reverse proxy
+## Using Caddy as a reverse proxy
 
 If you want Caddy to serve your Gitea instance you can add the following server block to your Caddyfile:
 

docs/content/doc/usage/reverse-proxies.zh-cn.md

@@ -0,0 +1,105 @@
+---
+date: "2018-05-22T11:00:00+00:00"
+title: "使用：反向代理"
+slug: "reverse-proxies"
+weight: 17
+toc: true
+draft: false
+menu:
+  sidebar:
+    parent: "usage"
+    name: "反向代理"
+    weight: 16
+    identifier: "reverse-proxies"
+---
+
+## 使用 Nginx 作为反向代理服务
+
+如果您想使用 Nginx 作为 Gitea 的反向代理服务，您可以参照以下 `nginx.conf` 配置中 `server` 的 `http` 部分：
+
+```
+server {
+    listen 80;
+    server_name git.example.com;
+
+    location / {
+        proxy_pass http://localhost:3000;
+    }
+}
+```
+
+## 使用 Nginx 作为反向代理服务并将 Gitea 路由至一个子路径
+
+如果您已经有一个域名并且想与 Gitea 共享该域名，您可以增加以下 `nginx.conf` 配置中 `server` 的 `http` 部分，为 Gitea 添加路由规则：
+
+```
+server {
+    listen 80;
+    server_name git.example.com;
+
+    location /git/ { # Note: Trailing slash
+        proxy_pass http://localhost:3000/; # Note: Trailing slash
+    }
+}
+```
+
+然后在您的 Gitea 配置文件中添加 `[server] ROOT_URL = http://git.example.com/git/`。
+
+## 使用 Apache HTTPD 作为反向代理服务
+
+如果您想使用 Apache HTTPD 作为 Gitea 的反向代理服务，您可以为您的 Apache HTTPD 作如下配置（在 Ubuntu 中，配置文件通常在 `/etc/apache2/httpd.conf` 目录下）：
+
+```
+<VirtualHost *:80>
+    ...
+    ProxyPreserveHost On
+    ProxyRequests off
+    ProxyPass / http://localhost:3000/
+    ProxyPassReverse / http://localhost:3000/
+</VirtualHost>
+```
+
+注：必须启用以下 Apache HTTPD 组件：`proxy`， `proxy_http`
+
+## 使用 Apache HTTPD 作为反向代理服务并将 Gitea 路由至一个子路径
+
+如果您已经有一个域名并且想与 Gitea 共享该域名，您可以增加以下配置为 Gitea 添加路由规则（在 Ubuntu 中，配置文件通常在 `/etc/apache2/httpd.conf` 目录下）：
+
+```
+<VirtualHost *:80>
+    ...
+    <Proxy *>
+         Order allow,deny
+         Allow from all
+    </Proxy>
+
+    ProxyPass /git http://localhost:3000 # Note: no trailing slash after either /git or port
+    ProxyPassReverse /git http://localhost:3000 # Note: no trailing slash after either /git or port
+</VirtualHost>
+```
+
+然后在您的 Gitea 配置文件中添加 `[server] ROOT_URL = http://git.example.com/git/`。
+
+注：必须启用以下 Apache HTTPD 组件：`proxy`， `proxy_http`
+
+## 使用 Caddy 作为反向代理服务
+
+如果您想使用 Caddy 作为 Gitea 的反向代理服务，您可以在 `Caddyfile` 中添加如下配置：
+
+```
+git.example.com {
+    proxy / http://localhost:3000
+}
+```
+
+## 使用 Caddy 作为反向代理服务并将 Gitea 路由至一个子路径
+
+如果您已经有一个域名并且想与 Gitea 共享该域名，您可以在您的 `Caddyfile` 文件中增加以下配置，为 Gitea 添加路由规则：
+
+```
+git.example.com {
+    proxy /git/ http://localhost:3000 # Note: Trailing Slash after /git/
+}
+```
+
+然后在您的 Gitea 配置文件中添加 `[server] ROOT_URL = http://git.example.com/git/`。

docs/docker/caddy.conf

@@ -1,44 +0,0 @@
-:80 {
-  root /srv/www
-
-  locale en-US zh-CN zh-TW pt-BR nl-NL fr-FR {
-    detect header
-  }
-
-  redir 301 {
-    if {path} match ^/$
-    / /{>Detected-Locale}/
-  }
-
-  rewrite /en-US/ {
-    regexp (.*)
-    to /en-us/{1}
-  }
-
-  rewrite /zh-CN/ {
-    regexp (.*)
-    to /zh-cn/{1}
-  }
-
-  rewrite /zh-TW/ {
-    regexp (.*)
-    to /zh-tw/{1}
-  }
-
-  rewrite /pt-BR/ {
-    regexp (.*)
-    to /pt-br/{1}
-  }
-
-  rewrite /nl-NL/ {
-    regexp (.*)
-    to /nl-nl/{1}
-  }
-
-  rewrite /fr-FR/ {
-    regexp (.*)
-    to /fr-fr/{1}
-  }
-
-  header / Vary "Accept-Language"
-}

docs/static/_headers

@@ -0,0 +1,6 @@
+/*
+  Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' data: https://cdnjs.cloudflare.com https://fonts.gstatic.com
+  X-Frame-Options: DENY
+  X-Xss-Protection: 1; mode=block
+  X-Content-Type-Options: nosniff
+  Referrer-Policy: strict-origin-when-cross-origin

docs/static/_redirects

@@ -0,0 +1,8 @@
+https://gitea-docs.netlify.com/* https://docs.gitea.io/:splat 302!
+
+/ /fr-fr/ 302! Language=fr
+/ /nl-nl/ 302! Language=nl
+/ /pt-br/ 302! Language=pt-br
+/ /zh-cn/ 302! Language=zh-cn
+/ /zh-tw/ 302! Language=zh-tw
+/ /en-us/ 302!

integrations/README.md

@@ -2,14 +2,16 @@
 
 Integration tests can be run with make commands for the
 appropriate backends, namely:
-
-  make test-mysql
-  make test-pgsql
-  make test-sqlite
+```shell
+make test-mysql
+make test-pgsql
+make test-sqlite
+```
 
 Make sure to perform a clean build before running tests:
-
-    make clean build
+```
+make clean build
+```
 
 ## Run all tests via local drone
 ```
@@ -45,7 +47,6 @@ TEST_PGSQL_HOST=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAdd
 ## Running individual tests
 
 Example command to run GPG test with sqlite backend:
-
 ```
 go test -c code.gitea.io/gitea/integrations \
   -o integrations.sqlite.test -tags 'sqlite' &&

integrations/README_ZH.md

@@ -0,0 +1,56 @@
+# 关于集成测试
+
+使用如下 make 命令可以运行指定的集成测试：
+```shell
+make test-mysql
+make test-pgsql
+make test-sqlite
+```
+
+在执行集成测试命令前请确保清理了之前的构建环境，清理命令如下：
+```
+make clean build
+```
+
+## 如何在本地 drone 服务器上运行所有测试
+```
+drone exec --local --build-event "pull_request"
+```
+
+## 如何使用 sqlite 数据库进行集成测试
+使用该命令执行集成测试
+```
+make test-sqlite
+```
+
+## 如何使用 mysql 数据库进行集成测试
+首先在docker容器里部署一个 mysql 数据库
+```
+docker run -e "MYSQL_DATABASE=test" -e "MYSQL_ALLOW_EMPTY_PASSWORD=yes" --rm --name mysql mysql:5.7 #(just ctrl-c to stop db and clean the container) 
+```
+之后便可以基于这个数据库进行集成测试
+```
+TEST_MYSQL_HOST="$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' mysql):3306" TEST_MYSQL_DBNAME=test TEST_MYSQL_USERNAME=root TEST_MYSQL_PASSWORD='' make test-mysql
+```
+
+## 如何使用 pgsql 数据库进行集成测试
+同上，首先在 docker 容器里部署一个 pgsql 数据库
+```
+docker run -e "POSTGRES_DB=test" --rm --name pgsql postgres:9.5 #(just ctrl-c to stop db and clean the container) 
+```
+之后便可以基于这个数据库进行集成测试
+```
+TEST_PGSQL_HOST=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' pgsql) TEST_PGSQL_DBNAME=test TEST_PGSQL_USERNAME=postgres TEST_PGSQL_PASSWORD=postgres make test-pgsql
+```
+
+## 如何进行自定义的集成测试
+
+下面的示例展示了怎样基于 sqlite 数据库进行 GPG 测试：
+```
+go test -c code.gitea.io/gitea/integrations \
+  -o integrations.sqlite.test -tags 'sqlite' &&
+  GITEA_ROOT="$GOPATH/src/code.gitea.io/gitea" \
+  GITEA_CONF=integrations/sqlite.ini ./integrations.sqlite.test \
+  -test.v -test.run GPG
+```
+

integrations/api_admin_test.go

@@ -11,6 +11,8 @@ import (
 
 	"code.gitea.io/gitea/models"
 	api "code.gitea.io/sdk/gitea"
+
+	"github.com/stretchr/testify/assert"
 )
 
 func TestAPIAdminCreateAndDeleteSSHKey(t *testing.T) {
@@ -19,7 +21,8 @@ func TestAPIAdminCreateAndDeleteSSHKey(t *testing.T) {
 	session := loginUser(t, "user1")
 	keyOwner := models.AssertExistsAndLoadBean(t, &models.User{Name: "user2"}).(*models.User)
 
-	urlStr := fmt.Sprintf("/api/v1/admin/users/%s/keys", keyOwner.Name)
+	token := getTokenForLoggedInUser(t, session)
+	urlStr := fmt.Sprintf("/api/v1/admin/users/%s/keys?token=%s", keyOwner.Name, token)
 	req := NewRequestWithValues(t, "POST", urlStr, map[string]string{
 		"key":   "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDAu7tvIvX6ZHrRXuZNfkR3XLHSsuCK9Zn3X58lxBcQzuo5xZgB6vRwwm/QtJuF+zZPtY5hsQILBLmF+BZ5WpKZp1jBeSjH2G7lxet9kbcH+kIVj0tPFEoyKI9wvWqIwC4prx/WVk2wLTJjzBAhyNxfEq7C9CeiX9pQEbEqJfkKCQ== nocomment\n",
 		"title": "test-key",
@@ -36,8 +39,8 @@ func TestAPIAdminCreateAndDeleteSSHKey(t *testing.T) {
 		OwnerID:     keyOwner.ID,
 	})
 
-	req = NewRequestf(t, "DELETE", "/api/v1/admin/users/%s/keys/%d",
-		keyOwner.Name, newPublicKey.ID)
+	req = NewRequestf(t, "DELETE", "/api/v1/admin/users/%s/keys/%d?token=%s",
+		keyOwner.Name, newPublicKey.ID, token)
 	session.MakeRequest(t, req, http.StatusNoContent)
 	models.AssertNotExistsBean(t, &models.PublicKey{ID: newPublicKey.ID})
 }
@@ -47,7 +50,8 @@ func TestAPIAdminDeleteMissingSSHKey(t *testing.T) {
 	// user1 is an admin user
 	session := loginUser(t, "user1")
 
-	req := NewRequestf(t, "DELETE", "/api/v1/admin/users/user1/keys/%d", models.NonexistentID)
+	token := getTokenForLoggedInUser(t, session)
+	req := NewRequestf(t, "DELETE", "/api/v1/admin/users/user1/keys/%d?token=%s", models.NonexistentID, token)
 	session.MakeRequest(t, req, http.StatusNotFound)
 }
 
@@ -57,7 +61,8 @@ func TestAPIAdminDeleteUnauthorizedKey(t *testing.T) {
 	normalUsername := "user2"
 	session := loginUser(t, adminUsername)
 
-	urlStr := fmt.Sprintf("/api/v1/admin/users/%s/keys", adminUsername)
+	token := getTokenForLoggedInUser(t, session)
+	urlStr := fmt.Sprintf("/api/v1/admin/users/%s/keys?token=%s", adminUsername, token)
 	req := NewRequestWithValues(t, "POST", urlStr, map[string]string{
 		"key":   "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDAu7tvIvX6ZHrRXuZNfkR3XLHSsuCK9Zn3X58lxBcQzuo5xZgB6vRwwm/QtJuF+zZPtY5hsQILBLmF+BZ5WpKZp1jBeSjH2G7lxet9kbcH+kIVj0tPFEoyKI9wvWqIwC4prx/WVk2wLTJjzBAhyNxfEq7C9CeiX9pQEbEqJfkKCQ== nocomment\n",
 		"title": "test-key",
@@ -67,7 +72,37 @@ func TestAPIAdminDeleteUnauthorizedKey(t *testing.T) {
 	DecodeJSON(t, resp, &newPublicKey)
 
 	session = loginUser(t, normalUsername)
-	req = NewRequestf(t, "DELETE", "/api/v1/admin/users/%s/keys/%d",
-		adminUsername, newPublicKey.ID)
+	token = getTokenForLoggedInUser(t, session)
+	req = NewRequestf(t, "DELETE", "/api/v1/admin/users/%s/keys/%d?token=%s",
+		adminUsername, newPublicKey.ID, token)
+	session.MakeRequest(t, req, http.StatusForbidden)
+}
+
+func TestAPISudoUser(t *testing.T) {
+	prepareTestEnv(t)
+	adminUsername := "user1"
+	normalUsername := "user2"
+	session := loginUser(t, adminUsername)
+	token := getTokenForLoggedInUser(t, session)
+
+	urlStr := fmt.Sprintf("/api/v1/user?sudo=%s&token=%s", normalUsername, token)
+	req := NewRequest(t, "GET", urlStr)
+	resp := session.MakeRequest(t, req, http.StatusOK)
+	var user api.User
+	DecodeJSON(t, resp, &user)
+
+	assert.Equal(t, normalUsername, user.UserName)
+}
+
+func TestAPISudoUserForbidden(t *testing.T) {
+	prepareTestEnv(t)
+	adminUsername := "user1"
+	normalUsername := "user2"
+
+	session := loginUser(t, normalUsername)
+	token := getTokenForLoggedInUser(t, session)
+
+	urlStr := fmt.Sprintf("/api/v1/user?sudo=%s&token=%s", adminUsername, token)
+	req := NewRequest(t, "GET", urlStr)
 	session.MakeRequest(t, req, http.StatusForbidden)
 }

integrations/api_branch_test.go

@@ -17,7 +17,8 @@ func testAPIGetBranch(t *testing.T, branchName string, exists bool) {
 	prepareTestEnv(t)
 
 	session := loginUser(t, "user2")
-	req := NewRequestf(t, "GET", "/api/v1/repos/user2/repo1/branches/%s", branchName)
+	token := getTokenForLoggedInUser(t, session)
+	req := NewRequestf(t, "GET", "/api/v1/repos/user2/repo1/branches/%s?token=%s", branchName, token)
 	resp := session.MakeRequest(t, req, NoExpectedStatus)
 	if !exists {
 		assert.EqualValues(t, http.StatusNotFound, resp.Code)

integrations/api_comment_test.go

@@ -69,8 +69,9 @@ func TestAPICreateComment(t *testing.T) {
 	repoOwner := models.AssertExistsAndLoadBean(t, &models.User{ID: repo.OwnerID}).(*models.User)
 
 	session := loginUser(t, repoOwner.Name)
-	urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/issues/%d/comments",
-		repoOwner.Name, repo.Name, issue.Index)
+	token := getTokenForLoggedInUser(t, session)
+	urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/issues/%d/comments?token=%s",
+		repoOwner.Name, repo.Name, issue.Index, token)
 	req := NewRequestWithValues(t, "POST", urlStr, map[string]string{
 		"body": commentBody,
 	})
@@ -93,8 +94,9 @@ func TestAPIEditComment(t *testing.T) {
 	repoOwner := models.AssertExistsAndLoadBean(t, &models.User{ID: repo.OwnerID}).(*models.User)
 
 	session := loginUser(t, repoOwner.Name)
-	urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/issues/comments/%d",
-		repoOwner.Name, repo.Name, comment.ID)
+	token := getTokenForLoggedInUser(t, session)
+	urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/issues/comments/%d?token=%s",
+		repoOwner.Name, repo.Name, comment.ID, token)
 	req := NewRequestWithValues(t, "PATCH", urlStr, map[string]string{
 		"body": newCommentBody,
 	})
@@ -117,8 +119,9 @@ func TestAPIDeleteComment(t *testing.T) {
 	repoOwner := models.AssertExistsAndLoadBean(t, &models.User{ID: repo.OwnerID}).(*models.User)
 
 	session := loginUser(t, repoOwner.Name)
-	req := NewRequestf(t, "DELETE", "/api/v1/repos/%s/%s/issues/comments/%d",
-		repoOwner.Name, repo.Name, comment.ID)
+	token := getTokenForLoggedInUser(t, session)
+	req := NewRequestf(t, "DELETE", "/api/v1/repos/%s/%s/issues/comments/%d?token=%s",
+		repoOwner.Name, repo.Name, comment.ID, token)
 	session.MakeRequest(t, req, http.StatusNoContent)
 
 	models.AssertNotExistsBean(t, &models.Comment{ID: comment.ID})

integrations/api_gpg_keys_test.go

@@ -20,16 +20,18 @@ type makeRequestFunc func(testing.TB, *http.Request, int) *httptest.ResponseReco
 func TestGPGKeys(t *testing.T) {
 	prepareTestEnv(t)
 	session := loginUser(t, "user2")
+	token := getTokenForLoggedInUser(t, session)
 
 	tt := []struct {
 		name        string
 		makeRequest makeRequestFunc
+		token       string
 		results     []int
 	}{
-		{name: "NoLogin", makeRequest: MakeRequest,
+		{name: "NoLogin", makeRequest: MakeRequest, token: "",
 			results: []int{http.StatusUnauthorized, http.StatusUnauthorized, http.StatusUnauthorized, http.StatusUnauthorized, http.StatusUnauthorized, http.StatusUnauthorized, http.StatusUnauthorized, http.StatusUnauthorized},
 		},
-		{name: "LoggedAsUser2", makeRequest: session.MakeRequest,
+		{name: "LoggedAsUser2", makeRequest: session.MakeRequest, token: token,
 			results: []int{http.StatusOK, http.StatusOK, http.StatusNotFound, http.StatusNoContent, http.StatusInternalServerError, http.StatusInternalServerError, http.StatusCreated, http.StatusCreated}},
 	}
 
@@ -38,29 +40,29 @@ func TestGPGKeys(t *testing.T) {
 		//Basic test on result code
 		t.Run(tc.name, func(t *testing.T) {
 			t.Run("ViewOwnGPGKeys", func(t *testing.T) {
-				testViewOwnGPGKeys(t, tc.makeRequest, tc.results[0])
+				testViewOwnGPGKeys(t, tc.makeRequest, tc.token, tc.results[0])
 			})
 			t.Run("ViewGPGKeys", func(t *testing.T) {
-				testViewGPGKeys(t, tc.makeRequest, tc.results[1])
+				testViewGPGKeys(t, tc.makeRequest, tc.token, tc.results[1])
 			})
 			t.Run("GetGPGKey", func(t *testing.T) {
-				testGetGPGKey(t, tc.makeRequest, tc.results[2])
+				testGetGPGKey(t, tc.makeRequest, tc.token, tc.results[2])
 			})
 			t.Run("DeleteGPGKey", func(t *testing.T) {
-				testDeleteGPGKey(t, tc.makeRequest, tc.results[3])
+				testDeleteGPGKey(t, tc.makeRequest, tc.token, tc.results[3])
 			})
 
 			t.Run("CreateInvalidGPGKey", func(t *testing.T) {
-				testCreateInvalidGPGKey(t, tc.makeRequest, tc.results[4])
+				testCreateInvalidGPGKey(t, tc.makeRequest, tc.token, tc.results[4])
 			})
 			t.Run("CreateNoneRegistredEmailGPGKey", func(t *testing.T) {
-				testCreateNoneRegistredEmailGPGKey(t, tc.makeRequest, tc.results[5])
+				testCreateNoneRegistredEmailGPGKey(t, tc.makeRequest, tc.token, tc.results[5])
 			})
 			t.Run("CreateValidGPGKey", func(t *testing.T) {
-				testCreateValidGPGKey(t, tc.makeRequest, tc.results[6])
+				testCreateValidGPGKey(t, tc.makeRequest, tc.token, tc.results[6])
 			})
 			t.Run("CreateValidSecondaryEmailGPGKey", func(t *testing.T) {
-				testCreateValidSecondaryEmailGPGKey(t, tc.makeRequest, tc.results[7])
+				testCreateValidSecondaryEmailGPGKey(t, tc.makeRequest, tc.token, tc.results[7])
 			})
 		})
 	}
@@ -70,7 +72,7 @@ func TestGPGKeys(t *testing.T) {
 
 		var keys []*api.GPGKey
 
-		req := NewRequest(t, "GET", "/api/v1/user/gpg_keys") //GET all keys
+		req := NewRequest(t, "GET", "/api/v1/user/gpg_keys?token="+token) //GET all keys
 		resp := session.MakeRequest(t, req, http.StatusOK)
 		DecodeJSON(t, resp, &keys)
 
@@ -91,7 +93,7 @@ func TestGPGKeys(t *testing.T) {
 		assert.EqualValues(t, false, primaryKey2.Emails[0].Verified)
 
 		var key api.GPGKey
-		req = NewRequest(t, "GET", "/api/v1/user/gpg_keys/"+strconv.FormatInt(primaryKey1.ID, 10)) //Primary key 1
+		req = NewRequest(t, "GET", "/api/v1/user/gpg_keys/"+strconv.FormatInt(primaryKey1.ID, 10)+"?token="+token) //Primary key 1
 		resp = session.MakeRequest(t, req, http.StatusOK)
 		DecodeJSON(t, resp, &key)
 		assert.EqualValues(t, "38EA3BCED732982C", key.KeyID)
@@ -99,13 +101,13 @@ func TestGPGKeys(t *testing.T) {
 		assert.EqualValues(t, "user2@example.com", key.Emails[0].Email)
 		assert.EqualValues(t, true, key.Emails[0].Verified)
 
-		req = NewRequest(t, "GET", "/api/v1/user/gpg_keys/"+strconv.FormatInt(subKey.ID, 10)) //Subkey of 38EA3BCED732982C
+		req = NewRequest(t, "GET", "/api/v1/user/gpg_keys/"+strconv.FormatInt(subKey.ID, 10)+"?token="+token) //Subkey of 38EA3BCED732982C
 		resp = session.MakeRequest(t, req, http.StatusOK)
 		DecodeJSON(t, resp, &key)
 		assert.EqualValues(t, "70D7C694D17D03AD", key.KeyID)
 		assert.EqualValues(t, 0, len(key.Emails))
 
-		req = NewRequest(t, "GET", "/api/v1/user/gpg_keys/"+strconv.FormatInt(primaryKey2.ID, 10)) //Primary key 2
+		req = NewRequest(t, "GET", "/api/v1/user/gpg_keys/"+strconv.FormatInt(primaryKey2.ID, 10)+"?token="+token) //Primary key 2
 		resp = session.MakeRequest(t, req, http.StatusOK)
 		DecodeJSON(t, resp, &key)
 		assert.EqualValues(t, "FABF39739FE1E927", key.KeyID)
@@ -119,7 +121,7 @@ func TestGPGKeys(t *testing.T) {
 	t.Run("CheckCommits", func(t *testing.T) {
 		t.Run("NotSigned", func(t *testing.T) {
 			var branch api.Branch
-			req := NewRequest(t, "GET", "/api/v1/repos/user2/repo16/branches/not-signed")
+			req := NewRequest(t, "GET", "/api/v1/repos/user2/repo16/branches/not-signed?token="+token)
 			resp := session.MakeRequest(t, req, http.StatusOK)
 			DecodeJSON(t, resp, &branch)
 			assert.EqualValues(t, false, branch.Commit.Verification.Verified)
@@ -127,7 +129,7 @@ func TestGPGKeys(t *testing.T) {
 
 		t.Run("SignedWithNotValidatedEmail", func(t *testing.T) {
 			var branch api.Branch
-			req := NewRequest(t, "GET", "/api/v1/repos/user2/repo16/branches/good-sign-not-yet-validated")
+			req := NewRequest(t, "GET", "/api/v1/repos/user2/repo16/branches/good-sign-not-yet-validated?token="+token)
 			resp := session.MakeRequest(t, req, http.StatusOK)
 			DecodeJSON(t, resp, &branch)
 			assert.EqualValues(t, false, branch.Commit.Verification.Verified)
@@ -135,7 +137,7 @@ func TestGPGKeys(t *testing.T) {
 
 		t.Run("SignedWithValidEmail", func(t *testing.T) {
 			var branch api.Branch
-			req := NewRequest(t, "GET", "/api/v1/repos/user2/repo16/branches/good-sign")
+			req := NewRequest(t, "GET", "/api/v1/repos/user2/repo16/branches/good-sign?token="+token)
 			resp := session.MakeRequest(t, req, http.StatusOK)
 			DecodeJSON(t, resp, &branch)
 			assert.EqualValues(t, true, branch.Commit.Verification.Verified)
@@ -143,39 +145,39 @@ func TestGPGKeys(t *testing.T) {
 	})
 }
 
-func testViewOwnGPGKeys(t *testing.T, makeRequest makeRequestFunc, expected int) {
-	req := NewRequest(t, "GET", "/api/v1/user/gpg_keys")
+func testViewOwnGPGKeys(t *testing.T, makeRequest makeRequestFunc, token string, expected int) {
+	req := NewRequest(t, "GET", "/api/v1/user/gpg_keys?token="+token)
 	makeRequest(t, req, expected)
 }
 
-func testViewGPGKeys(t *testing.T, makeRequest makeRequestFunc, expected int) {
-	req := NewRequest(t, "GET", "/api/v1/users/user2/gpg_keys")
+func testViewGPGKeys(t *testing.T, makeRequest makeRequestFunc, token string, expected int) {
+	req := NewRequest(t, "GET", "/api/v1/users/user2/gpg_keys?token="+token)
 	makeRequest(t, req, expected)
 }
 
-func testGetGPGKey(t *testing.T, makeRequest makeRequestFunc, expected int) {
-	req := NewRequest(t, "GET", "/api/v1/user/gpg_keys/1")
+func testGetGPGKey(t *testing.T, makeRequest makeRequestFunc, token string, expected int) {
+	req := NewRequest(t, "GET", "/api/v1/user/gpg_keys/1?token="+token)
 	makeRequest(t, req, expected)
 }
 
-func testDeleteGPGKey(t *testing.T, makeRequest makeRequestFunc, expected int) {
-	req := NewRequest(t, "DELETE", "/api/v1/user/gpg_keys/1")
+func testDeleteGPGKey(t *testing.T, makeRequest makeRequestFunc, token string, expected int) {
+	req := NewRequest(t, "DELETE", "/api/v1/user/gpg_keys/1?token="+token)
 	makeRequest(t, req, expected)
 }
 
-func testCreateGPGKey(t *testing.T, makeRequest makeRequestFunc, expected int, publicKey string) {
-	req := NewRequestWithJSON(t, "POST", "/api/v1/user/gpg_keys", api.CreateGPGKeyOption{
+func testCreateGPGKey(t *testing.T, makeRequest makeRequestFunc, token string, expected int, publicKey string) {
+	req := NewRequestWithJSON(t, "POST", "/api/v1/user/gpg_keys?token="+token, api.CreateGPGKeyOption{
 		ArmoredKey: publicKey,
 	})
 	makeRequest(t, req, expected)
 }
 
-func testCreateInvalidGPGKey(t *testing.T, makeRequest makeRequestFunc, expected int) {
-	testCreateGPGKey(t, makeRequest, expected, "invalid_key")
+func testCreateInvalidGPGKey(t *testing.T, makeRequest makeRequestFunc, token string, expected int) {
+	testCreateGPGKey(t, makeRequest, token, expected, "invalid_key")
 }
 
-func testCreateNoneRegistredEmailGPGKey(t *testing.T, makeRequest makeRequestFunc, expected int) {
-	testCreateGPGKey(t, makeRequest, expected, `-----BEGIN PGP PUBLIC KEY BLOCK-----
+func testCreateNoneRegistredEmailGPGKey(t *testing.T, makeRequest makeRequestFunc, token string, expected int) {
+	testCreateGPGKey(t, makeRequest, token, expected, `-----BEGIN PGP PUBLIC KEY BLOCK-----
 
 mQENBFmGUygBCACjCNbKvMGgp0fd5vyFW9olE1CLCSyyF9gQN2hSuzmZLuAZF2Kh
 dCMCG2T1UwzUB/yWUFWJ2BtCwSjuaRv+cGohqEy6bhEBV90peGA33lHfjx7wP25O
@@ -194,9 +196,9 @@ INx/MmBfmtCq05FqNclvU+sj2R3N1JJOtBOjZrJHQbJhzoILou8AkxeX1A+q9OAz
 -----END PGP PUBLIC KEY BLOCK-----`)
 }
 
-func testCreateValidGPGKey(t *testing.T, makeRequest makeRequestFunc, expected int) {
+func testCreateValidGPGKey(t *testing.T, makeRequest makeRequestFunc, token string, expected int) {
 	//User2 <user2@example.com> //primary & activated
-	testCreateGPGKey(t, makeRequest, expected, `-----BEGIN PGP PUBLIC KEY BLOCK-----
+	testCreateGPGKey(t, makeRequest, token, expected, `-----BEGIN PGP PUBLIC KEY BLOCK-----
 
 mQENBFmGVsMBCACuxgZ7W7rI9xN08Y4M7B8yx/6/I4Slm94+wXf8YNRvAyqj30dW
 VJhyBcnfNRDLKSQp5o/hhfDkCgdqBjLa1PnHlGS3PXJc0hP/FyYPD2BFvNMPpCYS
@@ -228,9 +230,9 @@ uy6MA3VSB99SK9ducGmE1Jv8mcziREroz2TEGr0zPs6h
 -----END PGP PUBLIC KEY BLOCK-----`)
 }
 
-func testCreateValidSecondaryEmailGPGKey(t *testing.T, makeRequest makeRequestFunc, expected int) {
+func testCreateValidSecondaryEmailGPGKey(t *testing.T, makeRequest makeRequestFunc, token string, expected int) {
 	//User2 <user21@example.com> //secondary and not activated
-	testCreateGPGKey(t, makeRequest, expected, `-----BEGIN PGP PUBLIC KEY BLOCK-----
+	testCreateGPGKey(t, makeRequest, token, expected, `-----BEGIN PGP PUBLIC KEY BLOCK-----
 
 mQENBFmGWN4BCAC18V4tVGO65VLCV7p14FuXJlUtZ5CuYMvgEkcOqrvRaBSW9ao4
 PGESOhJpfWpnW3QgJniYndLzPpsmdHEclEER6aZjiNgReWPOjHD5tykWocZAJqXD

integrations/api_issue_label_test.go

@@ -23,12 +23,13 @@ func TestAPIAddIssueLabels(t *testing.T) {
 	label := models.AssertExistsAndLoadBean(t, &models.Label{RepoID: repo.ID}).(*models.Label)
 	owner := models.AssertExistsAndLoadBean(t, &models.User{ID: repo.OwnerID}).(*models.User)
 
-	urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/issues/%d/labels",
-		owner.Name, repo.Name, issue.Index)
+	session := loginUser(t, owner.Name)
+	token := getTokenForLoggedInUser(t, session)
+	urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/issues/%d/labels?token=%s",
+		owner.Name, repo.Name, issue.Index, token)
 	req := NewRequestWithJSON(t, "POST", urlStr, &api.IssueLabelsOption{
 		Labels: []int64{label.ID},
 	})
-	session := loginUser(t, owner.Name)
 	resp := session.MakeRequest(t, req, http.StatusOK)
 	var apiLabels []*api.Label
 	DecodeJSON(t, resp, &apiLabels)
@@ -45,12 +46,13 @@ func TestAPIReplaceIssueLabels(t *testing.T) {
 	label := models.AssertExistsAndLoadBean(t, &models.Label{RepoID: repo.ID}).(*models.Label)
 	owner := models.AssertExistsAndLoadBean(t, &models.User{ID: repo.OwnerID}).(*models.User)
 
-	urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/issues/%d/labels",
-		owner.Name, repo.Name, issue.Index)
+	session := loginUser(t, owner.Name)
+	token := getTokenForLoggedInUser(t, session)
+	urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/issues/%d/labels?token=%s",
+		owner.Name, repo.Name, issue.Index, token)
 	req := NewRequestWithJSON(t, "PUT", urlStr, &api.IssueLabelsOption{
 		Labels: []int64{label.ID},
 	})
-	session := loginUser(t, owner.Name)
 	resp := session.MakeRequest(t, req, http.StatusOK)
 	var apiLabels []*api.Label
 	DecodeJSON(t, resp, &apiLabels)

integrations/api_issue_test.go

@@ -5,13 +5,13 @@
 package integrations
 
 import (
+	"fmt"
 	"net/http"
 	"testing"
 
 	"code.gitea.io/gitea/models"
 	api "code.gitea.io/sdk/gitea"
 
-	"fmt"
 	"github.com/stretchr/testify/assert"
 )
 
@@ -22,8 +22,9 @@ func TestAPIListIssues(t *testing.T) {
 	owner := models.AssertExistsAndLoadBean(t, &models.User{ID: repo.OwnerID}).(*models.User)
 
 	session := loginUser(t, owner.Name)
-	req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/issues?state=all",
-		owner.Name, repo.Name)
+	token := getTokenForLoggedInUser(t, session)
+	req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/issues?state=all&token=%s",
+		owner.Name, repo.Name, token)
 	resp := session.MakeRequest(t, req, http.StatusOK)
 	var apiIssues []*api.Issue
 	DecodeJSON(t, resp, &apiIssues)
@@ -41,8 +42,8 @@ func TestAPICreateIssue(t *testing.T) {
 	owner := models.AssertExistsAndLoadBean(t, &models.User{ID: repo.OwnerID}).(*models.User)
 
 	session := loginUser(t, owner.Name)
-
-	urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/issues?state=all", owner.Name, repo.Name)
+	token := getTokenForLoggedInUser(t, session)
+	urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/issues?state=all&token=%s", owner.Name, repo.Name, token)
 	req := NewRequestWithJSON(t, "POST", urlStr, &api.CreateIssueOption{
 		Body:     body,
 		Title:    title,

integrations/api_keys_test.go

@@ -46,8 +46,8 @@ func TestCreateReadOnlyDeployKey(t *testing.T) {
 	repoOwner := models.AssertExistsAndLoadBean(t, &models.User{ID: repo.OwnerID}).(*models.User)
 
 	session := loginUser(t, repoOwner.Name)
-
-	keysURL := fmt.Sprintf("/api/v1/repos/%s/%s/keys", repoOwner.Name, repo.Name)
+	token := getTokenForLoggedInUser(t, session)
+	keysURL := fmt.Sprintf("/api/v1/repos/%s/%s/keys?token=%s", repoOwner.Name, repo.Name, token)
 	rawKeyBody := api.CreateKeyOption{
 		Title:    "read-only",
 		Key:      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDAu7tvIvX6ZHrRXuZNfkR3XLHSsuCK9Zn3X58lxBcQzuo5xZgB6vRwwm/QtJuF+zZPtY5hsQILBLmF+BZ5WpKZp1jBeSjH2G7lxet9kbcH+kIVj0tPFEoyKI9wvWqIwC4prx/WVk2wLTJjzBAhyNxfEq7C9CeiX9pQEbEqJfkKCQ== nocomment\n",
@@ -72,8 +72,8 @@ func TestCreateReadWriteDeployKey(t *testing.T) {
 	repoOwner := models.AssertExistsAndLoadBean(t, &models.User{ID: repo.OwnerID}).(*models.User)
 
 	session := loginUser(t, repoOwner.Name)
-
-	keysURL := fmt.Sprintf("/api/v1/repos/%s/%s/keys", repoOwner.Name, repo.Name)
+	token := getTokenForLoggedInUser(t, session)
+	keysURL := fmt.Sprintf("/api/v1/repos/%s/%s/keys?token=%s", repoOwner.Name, repo.Name, token)
 	rawKeyBody := api.CreateKeyOption{
 		Title: "read-write",
 		Key:   "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDsufOCrDDlT8DLkodnnJtbq7uGflcPae7euTfM+Laq4So+v4WeSV362Rg0O/+Sje1UthrhN6lQkfRkdWIlCRQEXg+LMqr6RhvDfZquE2Xwqv/itlz7LjbdAUdYoO1iH7rMSmYvQh4WEnC/DAacKGbhdGIM/ZBz0z6tHm7bPgbI9ykEKekTmPwQFP1Qebvf5NYOFMWqQ2sCEAI9dBMVLoojsIpV+KADf+BotiIi8yNfTG2rzmzpxBpW9fYjd1Sy1yd4NSUpoPbEJJYJ1TrjiSWlYOVq9Ar8xW1O87i6gBjL/3zN7ANeoYhaAXupdOS6YL22YOK/yC0tJtXwwdh/eSrh",

integrations/api_pull_test.go

@@ -5,10 +5,13 @@
 package integrations
 
 import (
+	"fmt"
 	"net/http"
 	"testing"
 
 	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/auth"
+	"code.gitea.io/gitea/modules/setting"
 	api "code.gitea.io/sdk/gitea"
 
 	"github.com/stretchr/testify/assert"
@@ -20,7 +23,8 @@ func TestAPIViewPulls(t *testing.T) {
 	owner := models.AssertExistsAndLoadBean(t, &models.User{ID: repo.OwnerID}).(*models.User)
 
 	session := loginUser(t, "user2")
-	req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/pulls?state=all", owner.Name, repo.Name)
+	token := getTokenForLoggedInUser(t, session)
+	req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/pulls?state=all&token="+token, owner.Name, repo.Name)
 	resp := session.MakeRequest(t, req, http.StatusOK)
 
 	var pulls []*api.PullRequest
@@ -28,3 +32,27 @@ func TestAPIViewPulls(t *testing.T) {
 	expectedLen := models.GetCount(t, &models.Issue{RepoID: repo.ID}, models.Cond("is_pull = ?", true))
 	assert.Len(t, pulls, expectedLen)
 }
+
+// TestAPIMergePullWIP ensures that we can't merge a WIP pull request
+func TestAPIMergePullWIP(t *testing.T) {
+	prepareTestEnv(t)
+	repo := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 1}).(*models.Repository)
+	owner := models.AssertExistsAndLoadBean(t, &models.User{ID: repo.OwnerID}).(*models.User)
+	pr := models.AssertExistsAndLoadBean(t, &models.PullRequest{Status: models.PullRequestStatusMergeable}, models.Cond("has_merged = ?", false)).(*models.PullRequest)
+	pr.LoadIssue()
+	pr.Issue.ChangeTitle(owner, setting.Repository.PullRequest.WorkInProgressPrefixes[0]+" "+pr.Issue.Title)
+
+	// force reload
+	pr.LoadAttributes()
+
+	assert.Contains(t, pr.Issue.Title, setting.Repository.PullRequest.WorkInProgressPrefixes[0])
+
+	session := loginUser(t, owner.Name)
+	token := getTokenForLoggedInUser(t, session)
+	req := NewRequestWithJSON(t, http.MethodPost, fmt.Sprintf("/api/v1/repos/%s/%s/pulls/%d/merge?token=%s", owner.Name, repo.Name, pr.Index, token), &auth.MergePullRequestForm{
+		MergeMessageField: pr.Issue.Title,
+		Do:                string(models.MergeStyleMerge),
+	})
+
+	session.MakeRequest(t, req, http.StatusMethodNotAllowed)
+}

integrations/api_releases_test.go

@@ -22,7 +22,7 @@ func TestAPICreateRelease(t *testing.T) {
 	repo := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 1}).(*models.Repository)
 	owner := models.AssertExistsAndLoadBean(t, &models.User{ID: repo.OwnerID}).(*models.User)
 	session := loginUser(t, owner.LowerName)
-
+	token := getTokenForLoggedInUser(t, session)
 	gitRepo, err := git.OpenRepository(repo.RepoPath())
 	assert.NoError(t, err)
 
@@ -32,8 +32,8 @@ func TestAPICreateRelease(t *testing.T) {
 	commitID, err := gitRepo.GetTagCommitID("v0.0.1")
 	assert.NoError(t, err)
 
-	urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/releases",
-		owner.Name, repo.Name)
+	urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/releases?token=%s",
+		owner.Name, repo.Name, token)
 	req := NewRequestWithJSON(t, "POST", urlStr, &api.CreateReleaseOption{
 		TagName:      "v0.0.1",
 		Title:        "v0.0.1",
@@ -53,8 +53,8 @@ func TestAPICreateRelease(t *testing.T) {
 		Note:    newRelease.Note,
 	})
 
-	urlStr = fmt.Sprintf("/api/v1/repos/%s/%s/releases/%d",
-		owner.Name, repo.Name, newRelease.ID)
+	urlStr = fmt.Sprintf("/api/v1/repos/%s/%s/releases/%d?token=%s",
+		owner.Name, repo.Name, newRelease.ID, token)
 	req = NewRequest(t, "GET", urlStr)
 	resp = session.MakeRequest(t, req, http.StatusOK)
 

integrations/api_repo_raw_test.go

@@ -16,16 +16,17 @@ func TestAPIReposRaw(t *testing.T) {
 	user := models.AssertExistsAndLoadBean(t, &models.User{ID: 2}).(*models.User)
 	// Login as User2.
 	session := loginUser(t, user.Name)
+	token := getTokenForLoggedInUser(t, session)
 
 	for _, ref := range [...]string{
 		"master", // Branch
 		"v1.1",   // Tag
 		"65f1bf27bc3bf70f64657658635e66094edbcb4d", // Commit
 	} {
-		req := NewRequestf(t, "GET", "/api/v1/repos/%s/repo1/raw/%s/README.md", user.Name, ref)
+		req := NewRequestf(t, "GET", "/api/v1/repos/%s/repo1/raw/%s/README.md?token="+token, user.Name, ref)
 		session.MakeRequest(t, req, http.StatusOK)
 	}
 	// Test default branch
-	req := NewRequestf(t, "GET", "/api/v1/repos/%s/repo1/raw/README.md", user.Name)
+	req := NewRequestf(t, "GET", "/api/v1/repos/%s/repo1/raw/README.md?token="+token, user.Name)
 	session.MakeRequest(t, req, http.StatusOK)
 }

integrations/api_repo_test.go

@@ -67,16 +67,16 @@ func TestAPISearchRepo(t *testing.T) {
 		expectedResults
 	}{
 		{name: "RepositoriesMax50", requestURL: "/api/v1/repos/search?limit=50", expectedResults: expectedResults{
-			nil:   {count: 16},
-			user:  {count: 16},
-			user2: {count: 16}},
+			nil:   {count: 19},
+			user:  {count: 19},
+			user2: {count: 19}},
 		},
 		{name: "RepositoriesMax10", requestURL: "/api/v1/repos/search?limit=10", expectedResults: expectedResults{
 			nil:   {count: 10},
 			user:  {count: 10},
 			user2: {count: 10}},
 		},
-		{name: "RepositoriesDefaultMax10", requestURL: "/api/v1/repos/search", expectedResults: expectedResults{
+		{name: "RepositoriesDefaultMax10", requestURL: "/api/v1/repos/search?default", expectedResults: expectedResults{
 			nil:   {count: 10},
 			user:  {count: 10},
 			user2: {count: 10}},
@@ -143,9 +143,11 @@ func TestAPISearchRepo(t *testing.T) {
 				var session *TestSession
 				var testName string
 				var userID int64
+				var token string
 				if userToLogin != nil && userToLogin.ID > 0 {
 					testName = fmt.Sprintf("LoggedUser%d", userToLogin.ID)
 					session = loginUser(t, userToLogin.Name)
+					token = getTokenForLoggedInUser(t, session)
 					userID = userToLogin.ID
 				} else {
 					testName = "AnonymousUser"
@@ -153,7 +155,7 @@ func TestAPISearchRepo(t *testing.T) {
 				}
 
 				t.Run(testName, func(t *testing.T) {
-					request := NewRequest(t, "GET", testCase.requestURL)
+					request := NewRequest(t, "GET", testCase.requestURL+"&token="+token)
 					response := session.MakeRequest(t, request, http.StatusOK)
 
 					var body api.SearchResults
@@ -210,28 +212,104 @@ func TestAPIViewRepo(t *testing.T) {
 func TestAPIOrgRepos(t *testing.T) {
 	prepareTestEnv(t)
 	user := models.AssertExistsAndLoadBean(t, &models.User{ID: 2}).(*models.User)
+	user2 := models.AssertExistsAndLoadBean(t, &models.User{ID: 1}).(*models.User)
+	user3 := models.AssertExistsAndLoadBean(t, &models.User{ID: 5}).(*models.User)
 	// User3 is an Org. Check their repos.
 	sourceOrg := models.AssertExistsAndLoadBean(t, &models.User{ID: 3}).(*models.User)
-	// Login as User2.
-	session := loginUser(t, user.Name)
 
-	req := NewRequestf(t, "GET", "/api/v1/orgs/%s/repos", sourceOrg.Name)
-	resp := session.MakeRequest(t, req, http.StatusOK)
+	expectedResults := map[*models.User]struct {
+		count           int
+		includesPrivate bool
+	}{
+		nil:   {count: 1},
+		user:  {count: 2, includesPrivate: true},
+		user2: {count: 3, includesPrivate: true},
+		user3: {count: 1},
+	}
 
-	var apiRepos []*api.Repository
-	DecodeJSON(t, resp, &apiRepos)
-	expectedLen := models.GetCount(t, models.Repository{OwnerID: sourceOrg.ID},
-		models.Cond("is_private = ?", false))
-	assert.Len(t, apiRepos, expectedLen)
-	for _, repo := range apiRepos {
-		assert.False(t, repo.Private)
+	for userToLogin, expected := range expectedResults {
+		var session *TestSession
+		var testName string
+		var token string
+		if userToLogin != nil && userToLogin.ID > 0 {
+			testName = fmt.Sprintf("LoggedUser%d", userToLogin.ID)
+			session = loginUser(t, userToLogin.Name)
+			token = getTokenForLoggedInUser(t, session)
+		} else {
+			testName = "AnonymousUser"
+			session = emptyTestSession(t)
+		}
+		t.Run(testName, func(t *testing.T) {
+			req := NewRequestf(t, "GET", "/api/v1/orgs/%s/repos?token="+token, sourceOrg.Name)
+			resp := session.MakeRequest(t, req, http.StatusOK)
+
+			var apiRepos []*api.Repository
+			DecodeJSON(t, resp, &apiRepos)
+			assert.Len(t, apiRepos, expected.count)
+			for _, repo := range apiRepos {
+				if !expected.includesPrivate {
+					assert.False(t, repo.Private)
+				}
+			}
+		})
 	}
 }
 
 func TestAPIGetRepoByIDUnauthorized(t *testing.T) {
 	prepareTestEnv(t)
 	user := models.AssertExistsAndLoadBean(t, &models.User{ID: 4}).(*models.User)
-	sess := loginUser(t, user.Name)
-	req := NewRequestf(t, "GET", "/api/v1/repositories/2")
-	sess.MakeRequest(t, req, http.StatusNotFound)
+	session := loginUser(t, user.Name)
+	token := getTokenForLoggedInUser(t, session)
+	req := NewRequestf(t, "GET", "/api/v1/repositories/2?token="+token)
+	session.MakeRequest(t, req, http.StatusNotFound)
+}
+
+func TestAPIRepoMigrate(t *testing.T) {
+	testCases := []struct {
+		ctxUserID, userID  int64
+		cloneURL, repoName string
+		expectedStatus     int
+	}{
+		{ctxUserID: 1, userID: 2, cloneURL: "https://github.com/go-gitea/git.git", repoName: "git-admin", expectedStatus: http.StatusCreated},
+		{ctxUserID: 2, userID: 2, cloneURL: "https://github.com/go-gitea/git.git", repoName: "git-own", expectedStatus: http.StatusCreated},
+		{ctxUserID: 2, userID: 1, cloneURL: "https://github.com/go-gitea/git.git", repoName: "git-bad", expectedStatus: http.StatusForbidden},
+		{ctxUserID: 2, userID: 3, cloneURL: "https://github.com/go-gitea/git.git", repoName: "git-org", expectedStatus: http.StatusCreated},
+		{ctxUserID: 2, userID: 6, cloneURL: "https://github.com/go-gitea/git.git", repoName: "git-bad-org", expectedStatus: http.StatusForbidden},
+	}
+
+	prepareTestEnv(t)
+	for _, testCase := range testCases {
+		user := models.AssertExistsAndLoadBean(t, &models.User{ID: testCase.ctxUserID}).(*models.User)
+		session := loginUser(t, user.Name)
+		token := getTokenForLoggedInUser(t, session)
+		req := NewRequestWithJSON(t, "POST", "/api/v1/repos/migrate?token="+token, &api.MigrateRepoOption{
+			CloneAddr: testCase.cloneURL,
+			UID:       int(testCase.userID),
+			RepoName:  testCase.repoName,
+		})
+		session.MakeRequest(t, req, testCase.expectedStatus)
+	}
+}
+
+func TestAPIOrgRepoCreate(t *testing.T) {
+	testCases := []struct {
+		ctxUserID         int64
+		orgName, repoName string
+		expectedStatus    int
+	}{
+		{ctxUserID: 1, orgName: "user3", repoName: "repo-admin", expectedStatus: http.StatusCreated},
+		{ctxUserID: 2, orgName: "user3", repoName: "repo-own", expectedStatus: http.StatusCreated},
+		{ctxUserID: 2, orgName: "user6", repoName: "repo-bad-org", expectedStatus: http.StatusForbidden},
+	}
+
+	prepareTestEnv(t)
+	for _, testCase := range testCases {
+		user := models.AssertExistsAndLoadBean(t, &models.User{ID: testCase.ctxUserID}).(*models.User)
+		session := loginUser(t, user.Name)
+		token := getTokenForLoggedInUser(t, session)
+		req := NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/org/%s/repos?token="+token, testCase.orgName), &api.CreateRepoOption{
+			Name: testCase.repoName,
+		})
+		session.MakeRequest(t, req, testCase.expectedStatus)
+	}
 }

integrations/api_team_test.go

@@ -21,7 +21,8 @@ func TestAPITeam(t *testing.T) {
 	user := models.AssertExistsAndLoadBean(t, &models.User{ID: teamUser.UID}).(*models.User)
 
 	session := loginUser(t, user.Name)
-	req := NewRequestf(t, "GET", "/api/v1/teams/%d", teamUser.TeamID)
+	token := getTokenForLoggedInUser(t, session)
+	req := NewRequestf(t, "GET", "/api/v1/teams/%d?token="+token, teamUser.TeamID)
 	resp := session.MakeRequest(t, req, http.StatusOK)
 
 	var apiTeam api.Team

integrations/api_token_test.go

@@ -0,0 +1,50 @@
+// Copyright 2018 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package integrations
+
+import (
+	"net/http"
+	"testing"
+
+	"code.gitea.io/gitea/models"
+	api "code.gitea.io/sdk/gitea"
+)
+
+// TestAPICreateAndDeleteToken tests that token that was just created can be deleted
+func TestAPICreateAndDeleteToken(t *testing.T) {
+	prepareTestEnv(t)
+	user := models.AssertExistsAndLoadBean(t, &models.User{ID: 1}).(*models.User)
+
+	req := NewRequestWithJSON(t, "POST", "/api/v1/users/user1/tokens", map[string]string{
+		"name": "test-key-1",
+	})
+	req = AddBasicAuthHeader(req, user.Name)
+	resp := MakeRequest(t, req, http.StatusCreated)
+
+	var newAccessToken api.AccessToken
+	DecodeJSON(t, resp, &newAccessToken)
+	models.AssertExistsAndLoadBean(t, &models.AccessToken{
+		ID:   newAccessToken.ID,
+		Name: newAccessToken.Name,
+		Sha1: newAccessToken.Sha1,
+		UID:  user.ID,
+	})
+
+	req = NewRequestf(t, "DELETE", "/api/v1/users/user1/tokens/%d", newAccessToken.ID)
+	req = AddBasicAuthHeader(req, user.Name)
+	MakeRequest(t, req, http.StatusNoContent)
+
+	models.AssertNotExistsBean(t, &models.AccessToken{ID: newAccessToken.ID})
+}
+
+// TestAPIDeleteMissingToken ensures that error is thrown when token not found
+func TestAPIDeleteMissingToken(t *testing.T) {
+	prepareTestEnv(t)
+	user := models.AssertExistsAndLoadBean(t, &models.User{ID: 1}).(*models.User)
+
+	req := NewRequestf(t, "DELETE", "/api/v1/users/user1/tokens/%d", models.NonexistentID)
+	req = AddBasicAuthHeader(req, user.Name)
+	MakeRequest(t, req, http.StatusNotFound)
+}

integrations/git_test.go

@@ -75,7 +75,8 @@ func TestGit(t *testing.T) {
 
 				t.Run("CreateRepo", func(t *testing.T) {
 					session := loginUser(t, "user2")
-					req := NewRequestWithJSON(t, "POST", "/api/v1/user/repos", &api.CreateRepoOption{
+					token := getTokenForLoggedInUser(t, session)
+					req := NewRequestWithJSON(t, "POST", "/api/v1/user/repos?token="+token, &api.CreateRepoOption{
 						AutoInit:    true,
 						Description: "Temporary repo",
 						Name:        "repo-tmp-17",
@@ -142,7 +143,8 @@ func TestGit(t *testing.T) {
 
 			session := loginUser(t, "user1")
 			keyOwner := models.AssertExistsAndLoadBean(t, &models.User{Name: "user2"}).(*models.User)
-			urlStr := fmt.Sprintf("/api/v1/admin/users/%s/keys", keyOwner.Name)
+			token := getTokenForLoggedInUser(t, session)
+			urlStr := fmt.Sprintf("/api/v1/admin/users/%s/keys?token=%s", keyOwner.Name, token)
 
 			dataPubKey, err := ioutil.ReadFile(keyFile + ".pub")
 			assert.NoError(t, err)
@@ -166,7 +168,8 @@ func TestGit(t *testing.T) {
 			t.Run("Standard", func(t *testing.T) {
 				t.Run("CreateRepo", func(t *testing.T) {
 					session := loginUser(t, "user2")
-					req := NewRequestWithJSON(t, "POST", "/api/v1/user/repos", &api.CreateRepoOption{
+					token := getTokenForLoggedInUser(t, session)
+					req := NewRequestWithJSON(t, "POST", "/api/v1/user/repos?token="+token, &api.CreateRepoOption{
 						AutoInit:    true,
 						Description: "Temporary repo",
 						Name:        "repo-tmp-18",

integrations/gitea-repositories-meta/user2/utf8.git/HEAD

@@ -0,0 +1 @@
+ref: refs/heads/master

integrations/gitea-repositories-meta/user2/utf8.git/config

@@ -0,0 +1,4 @@
+[core]
+	repositoryformatversion = 0
+	filemode = true
+	bare = true

integrations/gitea-repositories-meta/user2/utf8.git/description

@@ -0,0 +1 @@
+Unnamed repository; edit this file 'description' to name the repository.

integrations/gitea-repositories-meta/user2/utf8.git/hooks/applypatch-msg.sample

@@ -0,0 +1,15 @@
+#!/bin/sh
+#
+# An example hook script to check the commit log message taken by
+# applypatch from an e-mail message.
+#
+# The hook should exit with non-zero status after issuing an
+# appropriate message if it wants to stop the commit.  The hook is
+# allowed to edit the commit message file.
+#
+# To enable this hook, rename this file to "applypatch-msg".
+
+. git-sh-setup
+commitmsg="$(git rev-parse --git-path hooks/commit-msg)"
+test -x "$commitmsg" && exec "$commitmsg" ${1+"$@"}
+:

integrations/gitea-repositories-meta/user2/utf8.git/hooks/commit-msg.sample

@@ -0,0 +1,24 @@
+#!/bin/sh
+#
+# An example hook script to check the commit log message.
+# Called by "git commit" with one argument, the name of the file
+# that has the commit message.  The hook should exit with non-zero
+# status after issuing an appropriate message if it wants to stop the
+# commit.  The hook is allowed to edit the commit message file.
+#
+# To enable this hook, rename this file to "commit-msg".
+
+# Uncomment the below to add a Signed-off-by line to the message.
+# Doing this in a hook is a bad idea in general, but the prepare-commit-msg
+# hook is more suited to it.
+#
+# SOB=$(git var GIT_AUTHOR_IDENT | sed -n 's/^\(.*>\).*$/Signed-off-by: \1/p')
+# grep -qs "^$SOB" "$1" || echo "$SOB" >> "$1"
+
+# This example catches duplicate Signed-off-by lines.
+
+test "" = "$(grep '^Signed-off-by: ' "$1" |
+	 sort | uniq -c | sed -e '/^[ 	]*1[ 	]/d')" || {
+	echo >&2 Duplicate Signed-off-by lines.
+	exit 1
+}

integrations/gitea-repositories-meta/user2/utf8.git/hooks/post-receive

@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+ORI_DIR=`pwd`
+SHELL_FOLDER=$(cd "$(dirname "$0")";pwd)
+cd "$ORI_DIR"
+for i in `ls "$SHELL_FOLDER/post-receive.d"`; do
+    sh "$SHELL_FOLDER/post-receive.d/$i"
+done

integrations/gitea-repositories-meta/user2/utf8.git/hooks/post-receive.d/gitea

@@ -0,0 +1,2 @@
+#!/usr/bin/env bash
+"$GITEA_ROOT/gitea" hook --config="$GITEA_ROOT/$GITEA_CONF" post-receive

integrations/gitea-repositories-meta/user2/utf8.git/hooks/post-update.sample

@@ -0,0 +1,8 @@
+#!/bin/sh
+#
+# An example hook script to prepare a packed repository for use over
+# dumb transports.
+#
+# To enable this hook, rename this file to "post-update".
+
+exec git update-server-info

integrations/gitea-repositories-meta/user2/utf8.git/hooks/pre-applypatch.sample

@@ -0,0 +1,14 @@
+#!/bin/sh
+#
+# An example hook script to verify what is about to be committed
+# by applypatch from an e-mail message.
+#
+# The hook should exit with non-zero status after issuing an
+# appropriate message if it wants to stop the commit.
+#
+# To enable this hook, rename this file to "pre-applypatch".
+
+. git-sh-setup
+precommit="$(git rev-parse --git-path hooks/pre-commit)"
+test -x "$precommit" && exec "$precommit" ${1+"$@"}
+:

integrations/gitea-repositories-meta/user2/utf8.git/hooks/pre-commit.sample

@@ -0,0 +1,49 @@
+#!/bin/sh
+#
+# An example hook script to verify what is about to be committed.
+# Called by "git commit" with no arguments.  The hook should
+# exit with non-zero status after issuing an appropriate message if
+# it wants to stop the commit.
+#
+# To enable this hook, rename this file to "pre-commit".
+
+if git rev-parse --verify HEAD >/dev/null 2>&1
+then
+	against=HEAD
+else
+	# Initial commit: diff against an empty tree object
+	against=4b825dc642cb6eb9a060e54bf8d69288fbee4904
+fi
+
+# If you want to allow non-ASCII filenames set this variable to true.
+allownonascii=$(git config --bool hooks.allownonascii)
+
+# Redirect output to stderr.
+exec 1>&2
+
+# Cross platform projects tend to avoid non-ASCII filenames; prevent
+# them from being added to the repository. We exploit the fact that the
+# printable range starts at the space character and ends with tilde.
+if [ "$allownonascii" != "true" ] &&
+	# Note that the use of brackets around a tr range is ok here, (it's
+	# even required, for portability to Solaris 10's /usr/bin/tr), since
+	# the square bracket bytes happen to fall in the designated range.
+	test $(git diff --cached --name-only --diff-filter=A -z $against |
+	  LC_ALL=C tr -d '[ -~]\0' | wc -c) != 0
+then
+	cat <<\EOF
+Error: Attempt to add a non-ASCII file name.
+
+This can cause problems if you want to work with people on other platforms.
+
+To be portable it is advisable to rename the file.
+
+If you know what you are doing you can disable this check using:
+
+  git config hooks.allownonascii true
+EOF
+	exit 1
+fi
+
+# If there are whitespace errors, print the offending file names and fail.
+exec git diff-index --check --cached $against --

integrations/gitea-repositories-meta/user2/utf8.git/hooks/pre-push.sample

@@ -0,0 +1,53 @@
+#!/bin/sh
+
+# An example hook script to verify what is about to be pushed.  Called by "git
+# push" after it has checked the remote status, but before anything has been
+# pushed.  If this script exits with a non-zero status nothing will be pushed.
+#
+# This hook is called with the following parameters:
+#
+# $1 -- Name of the remote to which the push is being done
+# $2 -- URL to which the push is being done
+#
+# If pushing without using a named remote those arguments will be equal.
+#
+# Information about the commits which are being pushed is supplied as lines to
+# the standard input in the form:
+#
+#   <local ref> <local sha1> <remote ref> <remote sha1>
+#
+# This sample shows how to prevent push of commits where the log message starts
+# with "WIP" (work in progress).
+
+remote="$1"
+url="$2"
+
+z40=0000000000000000000000000000000000000000
+
+while read local_ref local_sha remote_ref remote_sha
+do
+	if [ "$local_sha" = $z40 ]
+	then
+		# Handle delete
+		:
+	else
+		if [ "$remote_sha" = $z40 ]
+		then
+			# New branch, examine all commits
+			range="$local_sha"
+		else
+			# Update to existing branch, examine new commits
+			range="$remote_sha..$local_sha"
+		fi
+
+		# Check for WIP commit
+		commit=`git rev-list -n 1 --grep '^WIP' "$range"`
+		if [ -n "$commit" ]
+		then
+			echo >&2 "Found WIP commit in $local_ref, not pushing"
+			exit 1
+		fi
+	fi
+done
+
+exit 0

integrations/gitea-repositories-meta/user2/utf8.git/hooks/pre-rebase.sample

@@ -0,0 +1,169 @@
+#!/bin/sh
+#
+# Copyright (c) 2006, 2008 Junio C Hamano
+#
+# The "pre-rebase" hook is run just before "git rebase" starts doing
+# its job, and can prevent the command from running by exiting with
+# non-zero status.
+#
+# The hook is called with the following parameters:
+#
+# $1 -- the upstream the series was forked from.
+# $2 -- the branch being rebased (or empty when rebasing the current branch).
+#
+# This sample shows how to prevent topic branches that are already
+# merged to 'next' branch from getting rebased, because allowing it
+# would result in rebasing already published history.
+
+publish=next
+basebranch="$1"
+if test "$#" = 2
+then
+	topic="refs/heads/$2"
+else
+	topic=`git symbolic-ref HEAD` ||
+	exit 0 ;# we do not interrupt rebasing detached HEAD
+fi
+
+case "$topic" in
+refs/heads/??/*)
+	;;
+*)
+	exit 0 ;# we do not interrupt others.
+	;;
+esac
+
+# Now we are dealing with a topic branch being rebased
+# on top of master.  Is it OK to rebase it?
+
+# Does the topic really exist?
+git show-ref -q "$topic" || {
+	echo >&2 "No such branch $topic"
+	exit 1
+}
+
+# Is topic fully merged to master?
+not_in_master=`git rev-list --pretty=oneline ^master "$topic"`
+if test -z "$not_in_master"
+then
+	echo >&2 "$topic is fully merged to master; better remove it."
+	exit 1 ;# we could allow it, but there is no point.
+fi
+
+# Is topic ever merged to next?  If so you should not be rebasing it.
+only_next_1=`git rev-list ^master "^$topic" ${publish} | sort`
+only_next_2=`git rev-list ^master           ${publish} | sort`
+if test "$only_next_1" = "$only_next_2"
+then
+	not_in_topic=`git rev-list "^$topic" master`
+	if test -z "$not_in_topic"
+	then
+		echo >&2 "$topic is already up-to-date with master"
+		exit 1 ;# we could allow it, but there is no point.
+	else
+		exit 0
+	fi
+else
+	not_in_next=`git rev-list --pretty=oneline ^${publish} "$topic"`
+	/usr/bin/perl -e '
+		my $topic = $ARGV[0];
+		my $msg = "* $topic has commits already merged to public branch:\n";
+		my (%not_in_next) = map {
+			/^([0-9a-f]+) /;
+			($1 => 1);
+		} split(/\n/, $ARGV[1]);
+		for my $elem (map {
+				/^([0-9a-f]+) (.*)$/;
+				[$1 => $2];
+			} split(/\n/, $ARGV[2])) {
+			if (!exists $not_in_next{$elem->[0]}) {
+				if ($msg) {
+					print STDERR $msg;
+					undef $msg;
+				}
+				print STDERR " $elem->[1]\n";
+			}
+		}
+	' "$topic" "$not_in_next" "$not_in_master"
+	exit 1
+fi
+
+<<\DOC_END
+
+This sample hook safeguards topic branches that have been
+published from being rewound.
+
+The workflow assumed here is:
+
+ * Once a topic branch forks from "master", "master" is never
+   merged into it again (either directly or indirectly).
+
+ * Once a topic branch is fully cooked and merged into "master",
+   it is deleted.  If you need to build on top of it to correct
+   earlier mistakes, a new topic branch is created by forking at
+   the tip of the "master".  This is not strictly necessary, but
+   it makes it easier to keep your history simple.
+
+ * Whenever you need to test or publish your changes to topic
+   branches, merge them into "next" branch.
+
+The script, being an example, hardcodes the publish branch name
+to be "next", but it is trivial to make it configurable via
+$GIT_DIR/config mechanism.
+
+With this workflow, you would want to know:
+
+(1) ... if a topic branch has ever been merged to "next".  Young
+    topic branches can have stupid mistakes you would rather
+    clean up before publishing, and things that have not been
+    merged into other branches can be easily rebased without
+    affecting other people.  But once it is published, you would
+    not want to rewind it.
+
+(2) ... if a topic branch has been fully merged to "master".
+    Then you can delete it.  More importantly, you should not
+    build on top of it -- other people may already want to
+    change things related to the topic as patches against your
+    "master", so if you need further changes, it is better to
+    fork the topic (perhaps with the same name) afresh from the
+    tip of "master".
+
+Let's look at this example:
+
+		   o---o---o---o---o---o---o---o---o---o "next"
+		  /       /           /           /
+		 /   a---a---b A     /           /
+		/   /               /           /
+	       /   /   c---c---c---c B         /
+	      /   /   /             \         /
+	     /   /   /   b---b C     \       /
+	    /   /   /   /             \     /
+    ---o---o---o---o---o---o---o---o---o---o---o "master"
+
+
+A, B and C are topic branches.
+
+ * A has one fix since it was merged up to "next".
+
+ * B has finished.  It has been fully merged up to "master" and "next",
+   and is ready to be deleted.
+
+ * C has not merged to "next" at all.
+
+We would want to allow C to be rebased, refuse A, and encourage
+B to be deleted.
+
+To compute (1):
+
+	git rev-list ^master ^topic next
+	git rev-list ^master        next
+
+	if these match, topic has not merged in next at all.
+
+To compute (2):
+
+	git rev-list master..topic
+
+	if this is empty, it is fully merged to "master".
+
+DOC_END

integrations/gitea-repositories-meta/user2/utf8.git/hooks/pre-receive

@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+ORI_DIR=`pwd`
+SHELL_FOLDER=$(cd "$(dirname "$0")";pwd)
+cd "$ORI_DIR"
+for i in `ls "$SHELL_FOLDER/pre-receive.d"`; do
+    sh "$SHELL_FOLDER/pre-receive.d/$i"
+done

integrations/gitea-repositories-meta/user2/utf8.git/hooks/pre-receive.d/gitea

@@ -0,0 +1,2 @@
+#!/usr/bin/env bash
+"$GITEA_ROOT/gitea" hook --config="$GITEA_ROOT/$GITEA_CONF" pre-receive

integrations/gitea-repositories-meta/user2/utf8.git/hooks/prepare-commit-msg.sample

@@ -0,0 +1,36 @@
+#!/bin/sh
+#
+# An example hook script to prepare the commit log message.
+# Called by "git commit" with the name of the file that has the
+# commit message, followed by the description of the commit
+# message's source.  The hook's purpose is to edit the commit
+# message file.  If the hook fails with a non-zero status,
+# the commit is aborted.
+#
+# To enable this hook, rename this file to "prepare-commit-msg".
+
+# This hook includes three examples.  The first comments out the
+# "Conflicts:" part of a merge commit.
+#
+# The second includes the output of "git diff --name-status -r"
+# into the message, just before the "git status" output.  It is
+# commented because it doesn't cope with --amend or with squashed
+# commits.
+#
+# The third example adds a Signed-off-by line to the message, that can
+# still be edited.  This is rarely a good idea.
+
+case "$2,$3" in
+  merge,)
+    /usr/bin/perl -i.bak -ne 's/^/# /, s/^# #/#/ if /^Conflicts/ .. /#/; print' "$1" ;;
+
+# ,|template,)
+#   /usr/bin/perl -i.bak -pe '
+#      print "\n" . `git diff --cached --name-status -r`
+#	 if /^#/ && $first++ == 0' "$1" ;;
+
+  *) ;;
+esac
+
+# SOB=$(git var GIT_AUTHOR_IDENT | sed -n 's/^\(.*>\).*$/Signed-off-by: \1/p')
+# grep -qs "^$SOB" "$1" || echo "$SOB" >> "$1"

integrations/gitea-repositories-meta/user2/utf8.git/hooks/update

@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+ORI_DIR=`pwd`
+SHELL_FOLDER=$(cd "$(dirname "$0")";pwd)
+cd "$ORI_DIR"
+for i in `ls "$SHELL_FOLDER/update.d"`; do
+    sh "$SHELL_FOLDER/update.d/$i" $1 $2 $3
+done

integrations/gitea-repositories-meta/user2/utf8.git/hooks/update.d/gitea

@@ -0,0 +1,2 @@
+#!/usr/bin/env bash
+"$GITEA_ROOT/gitea" hook --config="$GITEA_ROOT/$GITEA_CONF" update $1 $2 $3

integrations/gitea-repositories-meta/user2/utf8.git/hooks/update.sample

@@ -0,0 +1,128 @@
+#!/bin/sh
+#
+# An example hook script to block unannotated tags from entering.
+# Called by "git receive-pack" with arguments: refname sha1-old sha1-new
+#
+# To enable this hook, rename this file to "update".
+#
+# Config
+# ------
+# hooks.allowunannotated
+#   This boolean sets whether unannotated tags will be allowed into the
+#   repository.  By default they won't be.
+# hooks.allowdeletetag
+#   This boolean sets whether deleting tags will be allowed in the
+#   repository.  By default they won't be.
+# hooks.allowmodifytag
+#   This boolean sets whether a tag may be modified after creation. By default
+#   it won't be.
+# hooks.allowdeletebranch
+#   This boolean sets whether deleting branches will be allowed in the
+#   repository.  By default they won't be.
+# hooks.denycreatebranch
+#   This boolean sets whether remotely creating branches will be denied
+#   in the repository.  By default this is allowed.
+#
+
+# --- Command line
+refname="$1"
+oldrev="$2"
+newrev="$3"
+
+# --- Safety check
+if [ -z "$GIT_DIR" ]; then
+	echo "Don't run this script from the command line." >&2
+	echo " (if you want, you could supply GIT_DIR then run" >&2
+	echo "  $0 <ref> <oldrev> <newrev>)" >&2
+	exit 1
+fi
+
+if [ -z "$refname" -o -z "$oldrev" -o -z "$newrev" ]; then
+	echo "usage: $0 <ref> <oldrev> <newrev>" >&2
+	exit 1
+fi
+
+# --- Config
+allowunannotated=$(git config --bool hooks.allowunannotated)
+allowdeletebranch=$(git config --bool hooks.allowdeletebranch)
+denycreatebranch=$(git config --bool hooks.denycreatebranch)
+allowdeletetag=$(git config --bool hooks.allowdeletetag)
+allowmodifytag=$(git config --bool hooks.allowmodifytag)
+
+# check for no description
+projectdesc=$(sed -e '1q' "$GIT_DIR/description")
+case "$projectdesc" in
+"Unnamed repository"* | "")
+	echo "*** Project description file hasn't been set" >&2
+	exit 1
+	;;
+esac
+
+# --- Check types
+# if $newrev is 0000...0000, it's a commit to delete a ref.
+zero="0000000000000000000000000000000000000000"
+if [ "$newrev" = "$zero" ]; then
+	newrev_type=delete
+else
+	newrev_type=$(git cat-file -t $newrev)
+fi
+
+case "$refname","$newrev_type" in
+	refs/tags/*,commit)
+		# un-annotated tag
+		short_refname=${refname##refs/tags/}
+		if [ "$allowunannotated" != "true" ]; then
+			echo "*** The un-annotated tag, $short_refname, is not allowed in this repository" >&2
+			echo "*** Use 'git tag [ -a | -s ]' for tags you want to propagate." >&2
+			exit 1
+		fi
+		;;
+	refs/tags/*,delete)
+		# delete tag
+		if [ "$allowdeletetag" != "true" ]; then
+			echo "*** Deleting a tag is not allowed in this repository" >&2
+			exit 1
+		fi
+		;;
+	refs/tags/*,tag)
+		# annotated tag
+		if [ "$allowmodifytag" != "true" ] && git rev-parse $refname > /dev/null 2>&1
+		then
+			echo "*** Tag '$refname' already exists." >&2
+			echo "*** Modifying a tag is not allowed in this repository." >&2
+			exit 1
+		fi
+		;;
+	refs/heads/*,commit)
+		# branch
+		if [ "$oldrev" = "$zero" -a "$denycreatebranch" = "true" ]; then
+			echo "*** Creating a branch is not allowed in this repository" >&2
+			exit 1
+		fi
+		;;
+	refs/heads/*,delete)
+		# delete branch
+		if [ "$allowdeletebranch" != "true" ]; then
+			echo "*** Deleting a branch is not allowed in this repository" >&2
+			exit 1
+		fi
+		;;
+	refs/remotes/*,commit)
+		# tracking branch
+		;;
+	refs/remotes/*,delete)
+		# delete tracking branch
+		if [ "$allowdeletebranch" != "true" ]; then
+			echo "*** Deleting a tracking branch is not allowed in this repository" >&2
+			exit 1
+		fi
+		;;
+	*)
+		# Anything else (is there anything else?)
+		echo "*** Update hook: unknown type of update to ref $refname of type $newrev_type" >&2
+		exit 1
+		;;
+esac
+
+# --- Finished
+exit 0

integrations/gitea-repositories-meta/user2/utf8.git/info/exclude

@@ -0,0 +1,6 @@
+# git ls-files --others --exclude-from=.git/info/exclude
+# Lines that start with '#' are comments.
+# For a project mostly in C, the following would be a good set of
+# exclude patterns (uncomment them if you want to use them):
+# *.[oa]
+# *~

integrations/gitea-repositories-meta/user2/utf8.git/info/refs

@@ -0,0 +1,9 @@
+ebf146f803fccbc1471ef01d8fa0fe12c14e61a5	refs/heads/Grüßen
+3a810dbf6b96afaa8c5f69a8b6ec1dabfca7368b	refs/heads/Plus+Is+Not+Space
+3aa73c3499bff049a352b4e265575373e964b89a	refs/heads/master
+ebf146f803fccbc1471ef01d8fa0fe12c14e61a5	refs/heads/ГлавнаяВетка
+ebf146f803fccbc1471ef01d8fa0fe12c14e61a5	refs/heads/а/б/в
+28d579e4920fbf4f66e71dab3e779d9fbf41422a	refs/heads/ブランチ
+ebf146f803fccbc1471ef01d8fa0fe12c14e61a5	refs/tags/Ё/人
+ebf146f803fccbc1471ef01d8fa0fe12c14e61a5	refs/tags/Тэг
+28d579e4920fbf4f66e71dab3e779d9fbf41422a	refs/tags/タグ

integrations/gitea-repositories-meta/user2/utf8.git/objects/28/d579e4920fbf4f66e71dab3e779d9fbf41422a

@@ -0,0 +1,3 @@
+x
<01><>Aj<41>0E<><45>)<29><>R(<28>ci<PJ{Ŗ<>)ILo_<6F>M<EFBFBD>]}x<>/<2F>u<EFBFBD>uDO<44><4F><EFBFBD>/<2F><>6!<21>9K<>KT<4B>H<EFBFBD>
+<EFBFBD><EFBFBD>(E<><45>vi<76>u<EFBFBD><75>|dK8Y<38>s<EFBFBD><73><EFBFBD><EFBFBD>Зd<D097><64>><0C>셜<EFBFBD><EC859C><EFBFBD>6<EFBFBD><1F><02><>·>d<>}<7D>u}O<13><>)x<><78><EFBFBD>i]<5D>%<25><>R<EFBFBD>Kv<4B><76>P<EFBFBD>ۢ<EFBFBD><DBA2><1F><>l<EFBFBD>
+u[<5B><>d<EFBFBD><64><EFBFBD><EFBFBD>ǣ><3E><1F><>Q<EFBFBD>

integrations/gitea-repositories-meta/user2/utf8.git/objects/eb/f146f803fccbc1471ef01d8fa0fe12c14e61a5

@@ -0,0 +1 @@
+x
<01><>]jC!<10><><EFBFBD>*<2A><>PtF<74>+<2B><>.e4#<11><><EFBFBD><18>쾶;<3B>Ӂ<EFBFBD><D381><EFBFBD><EFBFBD><EFBFBD>{<7B><><EFBFBD>_<EFBFBD>P<05><><1B><18>OX<4F><58><EFBFBD>r<EFBFBD><72>b<EFBFBD>2<EFBFBD>+<1C>yg<79>2<EFBFBD>2<EFBFBD>D"<15>)<29><><EFBFBD>I(`<60><>Bi<><69><EFBFBD>%1r<31><72>c<EFBFBD><63><EFBFBD><03><>O><3E>!<21><><EFBFBD>[9<><07>@<40><>-!<21>Z<EFBFBD><5A>,w<>M<EFBFBD>W<EFBFBD>|<7C>NPۮ<50><DBAE><EFBFBD><19>s<EFBFBD>}o.<2E><15><><EFBFBD>r<><72>UQ<7F><03>M<EFBFBD>

integrations/gitea-repositories-meta/user2/utf8.git/objects/info/packs

@@ -0,0 +1 @@
+

integrations/gitea-repositories-meta/user2/utf8.git/refs/heads/Grüßen

@@ -0,0 +1 @@
+ebf146f803fccbc1471ef01d8fa0fe12c14e61a5