Merge remote-tracking branch 'giteaofficial/main'

* giteaofficial/main:
  Fix Ruby package parsing by removed unused email field (go-gitea#20470)
  [skip ci] Updated translations via Crowdin
  Add repository condition for issue count (go-gitea#20454)
  Prepend commit message to template content (go-gitea#20429)
  Improve pprof doc (go-gitea#20463)
  Improve code diff highlight, fix incorrect rendered diff result (go-gitea#19958)
  Add Cache-Control header to html and api responses, add no-transform (go-gitea#20432)
  [skip ci] Updated translations via Crowdin
  Allow non-semver packages in the Conan package registry (go-gitea#20412)
  Use body text color in repository files table links (go-gitea#20386)
  Correct code block in installation docs for Snap (go-gitea#20440)
  Downgrade golangci-lint to 1.47.0 (go-gitea#20445)
  Add eslint-plugin-sonarjs (go-gitea#20431)
  Fix: Actor is required to get user repositories (go-gitea#20443)
  Add "X-Gitea-Object-Type" header for GET `/raw/` & `/media/` API (go-gitea#20438)
  Simplify visibility checks (go-gitea#20406)

.eslintrc.yaml

@@ -12,6 +12,7 @@ plugins:
   - eslint-plugin-unicorn
   - eslint-plugin-import
   - eslint-plugin-jquery
+  - eslint-plugin-sonarjs
 
 env:
   es2022: true
@@ -369,6 +370,38 @@ rules:
   semi-spacing: [2, {before: false, after: true}]
   semi-style: [2, last]
   semi: [2, always, {omitLastInOneLineBlock: true}]
+  sonarjs/cognitive-complexity: [0]
+  sonarjs/elseif-without-else: [0]
+  sonarjs/max-switch-cases: [0]
+  sonarjs/no-all-duplicated-branches: [2]
+  sonarjs/no-collapsible-if: [0]
+  sonarjs/no-collection-size-mischeck: [2]
+  sonarjs/no-duplicate-string: [0]
+  sonarjs/no-duplicated-branches: [0]
+  sonarjs/no-element-overwrite: [2]
+  sonarjs/no-empty-collection: [2]
+  sonarjs/no-extra-arguments: [0]
+  sonarjs/no-gratuitous-expressions: [2]
+  sonarjs/no-identical-conditions: [2]
+  sonarjs/no-identical-expressions: [0]
+  sonarjs/no-identical-functions: [0]
+  sonarjs/no-ignored-return: [2]
+  sonarjs/no-inverted-boolean-check: [2]
+  sonarjs/no-nested-switch: [0]
+  sonarjs/no-nested-template-literals: [0]
+  sonarjs/no-one-iteration-loop: [2]
+  sonarjs/no-redundant-boolean: [2]
+  sonarjs/no-redundant-jump: [0]
+  sonarjs/no-same-line-conditional: [2]
+  sonarjs/no-small-switch: [0]
+  sonarjs/no-unused-collection: [2]
+  sonarjs/no-use-of-empty-return-value: [2]
+  sonarjs/no-useless-catch: [0]
+  sonarjs/non-existent-operator: [2]
+  sonarjs/prefer-immediate-return: [0]
+  sonarjs/prefer-object-literal: [0]
+  sonarjs/prefer-single-boolean-return: [0]
+  sonarjs/prefer-while: [2]
   sort-imports: [0]
   sort-keys: [0]
   sort-vars: [0]

Makefile

@@ -29,7 +29,7 @@ AIR_PACKAGE ?= github.com/cosmtrek/air@v1.40.4
 EDITORCONFIG_CHECKER_PACKAGE ?= github.com/editorconfig-checker/editorconfig-checker/cmd/editorconfig-checker@2.5.0
 ERRCHECK_PACKAGE ?= github.com/kisielk/errcheck@v1.6.1
 GOFUMPT_PACKAGE ?= mvdan.cc/gofumpt@v0.3.1
-GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/cmd/golangci-lint@v1.47.1
+GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/cmd/golangci-lint@v1.47.0
 GXZ_PAGAGE ?= github.com/ulikunitz/xz/cmd/gxz@v0.5.10
 MISSPELL_PACKAGE ?= github.com/client9/misspell/cmd/misspell@v0.3.4
 SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@v0.29.0

cmd/web.go

@@ -148,8 +148,9 @@ func runWeb(ctx *cli.Context) error {
 		go func() {
 			http.DefaultServeMux.Handle("/debug/fgprof", fgprof.Handler())
 			_, _, finished := process.GetManager().AddTypedContext(context.Background(), "Web: PProf Server", process.SystemProcessType, true)
+			// The pprof server is for debug purpose only, it shouldn't be exposed on public network. At the moment it's not worth to introduce a configurable option for it.
 			log.Info("Starting pprof server on localhost:6060")
-			log.Info("%v", http.ListenAndServe("localhost:6060", nil))
+			log.Info("Stopped pprof server: %v", http.ListenAndServe("localhost:6060", nil))
 			finished()
 		}()
 	}

docs/content/doc/advanced/config-cheat-sheet.en-us.md

@@ -300,7 +300,7 @@ The following configuration set `Content-Type: application/vnd.android.package-a
 - `APP_DATA_PATH`: **data** (**/data/gitea** on docker): Default path for application data.
 - `STATIC_CACHE_TIME`: **6h**: Web browser cache time for static resources on `custom/`, `public/` and all uploaded avatars. Note that this cache is disabled when `RUN_MODE` is "dev".
 - `ENABLE_GZIP`: **false**: Enable gzip compression for runtime-generated content, static resources excluded.
-- `ENABLE_PPROF`: **false**: Application profiling (memory and cpu). For "web" command it listens on localhost:6060. For "serv" command it dumps to disk at `PPROF_DATA_PATH` as `(cpuprofile|memprofile)_<username>_<temporary id>`
+- `ENABLE_PPROF`: **false**: Application profiling (memory and cpu). For "web" command it listens on `localhost:6060`. For "serv" command it dumps to disk at `PPROF_DATA_PATH` as `(cpuprofile|memprofile)_<username>_<temporary id>`
 - `PPROF_DATA_PATH`: **data/tmp/pprof**: `PPROF_DATA_PATH`, use an absolute path when you start Gitea as service
 - `LANDING_PAGE`: **home**: Landing page for unauthenticated users \[home, explore, organizations, login, **custom**\]. Where custom would instead be any URL such as "/org/repo" or even `https://anotherwebsite.com`
 - `LFS_START_SERVER`: **false**: Enables Git LFS support.

docs/content/doc/help/seek-help.en-us.md

@@ -44,12 +44,13 @@ menu:
     * This will greatly improve the chance that the root of the issue can be quickly discovered and resolved.
 5. If you meet slow/hanging/deadlock problems, please report the stack trace when the problem occurs:
     1. Enable pprof in `app.ini` and restart Gitea
-    ```
+    ```ini
     [server]
     ENABLE_PPROF = true
     ```
-    2. Trigger the bug, when Gitea gets stuck, use curl or browser to visit: `http://127.0.0.1:6060/debug/pprof/goroutine?debug=1` (IP is `127.0.0.1` and port is `6060`)
-    3. Report the output (the stack trace doesn't contain sensitive data)
+    2. Trigger the bug, when Gitea gets stuck, use curl or browser to visit: `http://127.0.0.1:6060/debug/pprof/goroutine?debug=1` (IP must be `127.0.0.1` and port must be `6060`). 
+    3. If you are using Docker, please use `docker exec -it <container-name> curl "http://127.0.0.1:6060/debug/pprof/goroutine?debug=1"`.
+    4. Report the output (the stack trace doesn't contain sensitive data)
 
 ## Bugs
 

docs/content/doc/installation/from-package.en-us.md

@@ -47,9 +47,9 @@ pacman -S gitea
 
 There is a [Gitea Snap](https://snapcraft.io/gitea) package which follows the latest stable version.
 
-``sh
+```sh
 snap install gitea
-``
+```
 
 ## SUSE and openSUSE
 

integrations/api_repo_raw_test.go

@@ -10,6 +10,8 @@ import (
 
 	"code.gitea.io/gitea/models/unittest"
 	user_model "code.gitea.io/gitea/models/user"
+
+	"github.com/stretchr/testify/assert"
 )
 
 func TestAPIReposRaw(t *testing.T) {
@@ -25,9 +27,11 @@ func TestAPIReposRaw(t *testing.T) {
 		"65f1bf27bc3bf70f64657658635e66094edbcb4d", // Commit
 	} {
 		req := NewRequestf(t, "GET", "/api/v1/repos/%s/repo1/raw/%s/README.md?token="+token, user.Name, ref)
-		session.MakeRequest(t, req, http.StatusOK)
+		resp := session.MakeRequest(t, req, http.StatusOK)
+		assert.EqualValues(t, "file", resp.Header().Get("x-gitea-object-type"))
 	}
 	// Test default branch
 	req := NewRequestf(t, "GET", "/api/v1/repos/%s/repo1/raw/README.md?token="+token, user.Name)
-	session.MakeRequest(t, req, http.StatusOK)
+	resp := session.MakeRequest(t, req, http.StatusOK)
+	assert.EqualValues(t, "file", resp.Header().Get("x-gitea-object-type"))
 }

models/repo/repo_list.go

@@ -6,6 +6,7 @@ package repo
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"strings"
 
@@ -695,6 +696,9 @@ func GetUserRepositories(opts *SearchRepoOptions) (RepositoryList, int64, error)
 	}
 
 	cond := builder.NewCond()
+	if opts.Actor == nil {
+		return nil, 0, errors.New("GetUserRepositories: Actor is needed but not given")
+	}
 	cond = cond.And(builder.Eq{"owner_id": opts.Actor.ID})
 	if !opts.Private {
 		cond = cond.And(builder.Eq{"is_private": false})

models/user/search.go

@@ -59,25 +59,18 @@ func (opts *SearchUserOptions) toSearchQueryBase() *xorm.Session {
 	}
 
 	if opts.Actor != nil {
-		exprCond := builder.Expr("org_user.org_id = `user`.id")
-
 		// If Admin - they see all users!
 		if !opts.Actor.IsAdmin {
-			// Force visibility for privacy
-			var accessCond builder.Cond
+			// Users can see an organization they are a member of
+			accessCond := builder.In("id", builder.Select("org_id").From("org_user").Where(builder.Eq{"uid": opts.Actor.ID}))
 			if !opts.Actor.IsRestricted {
-				accessCond = builder.Or(
-					builder.In("id", builder.Select("org_id").From("org_user").LeftJoin("`user`", exprCond).Where(builder.And(builder.Eq{"uid": opts.Actor.ID}, builder.Eq{"visibility": structs.VisibleTypePrivate}))),
-					builder.In("visibility", structs.VisibleTypePublic, structs.VisibleTypeLimited))
-			} else {
-				// restricted users only see orgs they are a member of
-				accessCond = builder.In("id", builder.Select("org_id").From("org_user").LeftJoin("`user`", exprCond).Where(builder.And(builder.Eq{"uid": opts.Actor.ID})))
+				// Not-Restricted users can see public and limited users/organizations
+				accessCond = accessCond.Or(builder.In("visibility", structs.VisibleTypePublic, structs.VisibleTypeLimited))
 			}
 			// Don't forget about self
 			accessCond = accessCond.Or(builder.Eq{"id": opts.Actor.ID})
 			cond = cond.And(accessCond)
 		}
-
 	} else {
 		// Force visibility for privacy
 		// Not logged in - only public users

modules/context/api.go

@@ -16,6 +16,7 @@ import (
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/modules/cache"
 	"code.gitea.io/gitea/modules/git"
+	"code.gitea.io/gitea/modules/httpcache"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/web/middleware"
@@ -268,6 +269,7 @@ func APIContexter() func(http.Handler) http.Handler {
 				}
 			}
 
+			httpcache.AddCacheControlToHeader(ctx.Resp.Header(), 0, "no-transform")
 			ctx.Resp.Header().Set(`X-Frame-Options`, setting.CORSConfig.XFrameOptions)
 
 			ctx.Data["Context"] = &ctx

modules/context/context.go

@@ -28,6 +28,7 @@ import (
 	"code.gitea.io/gitea/modules/base"
 	mc "code.gitea.io/gitea/modules/cache"
 	"code.gitea.io/gitea/modules/git"
+	"code.gitea.io/gitea/modules/httpcache"
 	"code.gitea.io/gitea/modules/json"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
@@ -767,6 +768,7 @@ func Contexter() func(next http.Handler) http.Handler {
 				}
 			}
 
+			httpcache.AddCacheControlToHeader(ctx.Resp.Header(), 0, "no-transform")
 			ctx.Resp.Header().Set(`X-Frame-Options`, setting.CORSConfig.XFrameOptions)
 
 			ctx.Data["CsrfToken"] = ctx.csrf.GetToken()

modules/highlight/highlight.go

@@ -40,9 +40,11 @@ var (
 // NewContext loads custom highlight map from local config
 func NewContext() {
 	once.Do(func() {
-		keys := setting.Cfg.Section("highlight.mapping").Keys()
-		for i := range keys {
-			highlightMapping[keys[i].Name()] = keys[i].Value()
+		if setting.Cfg != nil {
+			keys := setting.Cfg.Section("highlight.mapping").Keys()
+			for i := range keys {
+				highlightMapping[keys[i].Name()] = keys[i].Value()
+			}
 		}
 
 		// The size 512 is simply a conservative rule of thumb

modules/httpcache/httpcache.go

@@ -17,16 +17,23 @@ import (
 )
 
 // AddCacheControlToHeader adds suitable cache-control headers to response
-func AddCacheControlToHeader(h http.Header, d time.Duration) {
+func AddCacheControlToHeader(h http.Header, maxAge time.Duration, additionalDirectives ...string) {
+	directives := make([]string, 0, 2+len(additionalDirectives))
+
 	if setting.IsProd {
-		h.Set("Cache-Control", "private, max-age="+strconv.Itoa(int(d.Seconds())))
+		if maxAge == 0 {
+			directives = append(directives, "no-store")
+		} else {
+			directives = append(directives, "private", "max-age="+strconv.Itoa(int(maxAge.Seconds())))
+		}
 	} else {
-		h.Set("Cache-Control", "no-store")
+		directives = append(directives, "no-store")
+
 		// to remind users they are using non-prod setting.
-		// some users may be confused by "Cache-Control: no-store" in their setup if they did wrong to `RUN_MODE` in `app.ini`.
 		h.Add("X-Gitea-Debug", "RUN_MODE="+setting.RunMode)
-		h.Add("X-Gitea-Debug", "CacheControl=no-store")
 	}
+
+	h.Set("Cache-Control", strings.Join(append(directives, additionalDirectives...), ", "))
 }
 
 // generateETag generates an ETag based on size, filename and file modification time

modules/markup/html.go

@@ -1176,7 +1176,7 @@ func genDefaultLinkProcessor(defaultLink string) processor {
 		node.DataAtom = atom.A
 		node.Attr = []html.Attribute{
 			{Key: "href", Val: defaultLink},
-			{Key: "class", Val: "default-link"},
+			{Key: "class", Val: "default-link muted"},
 		}
 		node.FirstChild, node.LastChild = ch, ch
 	}

modules/packages/conan/reference.go

@@ -8,10 +8,9 @@ import (
 	"errors"
 	"fmt"
 	"regexp"
+	"strings"
 
 	"code.gitea.io/gitea/modules/log"
-
-	goversion "github.com/hashicorp/go-version"
 )
 
 const (
@@ -56,7 +55,9 @@ func NewRecipeReference(name, version, user, channel, revision string) (*RecipeR
 	if !namePattern.MatchString(name) {
 		return nil, ErrValidation
 	}
-	if _, err := goversion.NewSemver(version); err != nil {
+
+	v := strings.TrimSpace(version)
+	if v == "" {
 		return nil, ErrValidation
 	}
 	if user != "" && !namePattern.MatchString(user) {
@@ -69,7 +70,7 @@ func NewRecipeReference(name, version, user, channel, revision string) (*RecipeR
 		return nil, ErrValidation
 	}
 
-	return &RecipeReference{name, version, user, channel, revision}, nil
+	return &RecipeReference{name, v, user, channel, revision}, nil
 }
 
 func (r *RecipeReference) RevisionOrDefault() string {

modules/packages/conan/reference_test.go

@@ -34,6 +34,7 @@ func TestNewRecipeReference(t *testing.T) {
 		{"name", "1.0", "_", "_", "", true},
 		{"name", "1.0", "_", "_", "0", true},
 		{"name", "1.0", "", "", "0", true},
+		{"name", "1.0.0q", "", "", "0", true},
 		{"name", "1.0", "", "", "000000000000000000000000000000000000000000000000000000000000", false},
 	}
 

modules/packages/rubygems/metadata.go

@@ -80,7 +80,6 @@ type gemspec struct {
 		VersionRequirements requirement `yaml:"version_requirements"`
 	} `yaml:"dependencies"`
 	Description    string        `yaml:"description"`
-	Email          string        `yaml:"email"`
 	Executables    []string      `yaml:"executables"`
 	Extensions     []interface{} `yaml:"extensions"`
 	ExtraRdocFiles []string      `yaml:"extra_rdoc_files"`

options/locale/locale_el-GR.ini

@@ -1177,7 +1177,7 @@ projects.type.basic_kanban=Βασικό Kanban
 projects.type.bug_triage=Διαλογή Σφαλμάτων
 projects.template.desc=Πρότυπο έργου
 projects.template.desc_helper=Επιλέξτε ένα πρότυπο έργου για να ξεκινήσετε
-projects.type.uncategorized=Αταξινόμητο
+projects.type.uncategorized=Χωρίς Κατηγορία
 projects.board.edit=Επεξεργασία πίνακα
 projects.board.edit_title=Νέο Όνομα Πίνακα
 projects.board.new_title=Νέο Όνομα Πίνακα
@@ -1186,7 +1186,7 @@ projects.board.new=Νέος Πίνακας
 projects.board.set_default=Ορισμός Προεπιλογής
 projects.board.set_default_desc=Ορίστε αυτόν τον πίνακα ως προεπιλογή για μη κατηγοριοποιημένα ζητήματα και pull requests
 projects.board.delete=Διαγραφή Πίνακα
-projects.board.deletion_desc=Η διαγραφή ενός πίνακα έργου μετακινεί όλα τα σχετιζόμενα ζητήματα σε 'Αταξινόμητα'. Συνέχεια;
+projects.board.deletion_desc=Η διαγραφή ενός πίνακα έργου μετακινεί όλα τα σχετιζόμενα ζητήματα σε 'Χωρίς Κατηγορία'. Συνέχεια;
 projects.board.color=Χρώμα
 projects.open=Άνοιγμα
 projects.close=Κλείσιμο
@@ -1420,6 +1420,7 @@ issues.due_date_form_remove=Διαγραφή
 issues.due_date_not_writer=Χρειάζεστε πρόσβαση εγγραφής στο αποθετήριο για να ενημερώσετε την ημερομηνία λήξης ενός ζητήματος.
 issues.due_date_not_set=Δεν ορίστηκε ημερομηνία παράδοσης.
 issues.due_date_added=πρόσθεσε την ημερομηνία παράδοσης %s %s
+issues.due_date_modified=τροποποίησε την ημερομηνία παράδοσης από %[2]s σε %[1]s %[3]s
 issues.due_date_remove=αφαίρεσε την ημερομηνία παράδοσης %s %s
 issues.due_date_overdue=Εκπρόθεσμο
 issues.due_date_invalid=Η ημερομηνία παράδοσης δεν είναι έγκυρη ή εκτός εύρους. Παρακαλούμε χρησιμοποιήστε τη μορφή 'εεεε-μμ-ηη'.

options/locale/locale_ja-JP.ini

@@ -1420,6 +1420,7 @@ issues.due_date_form_remove=削除
 issues.due_date_not_writer=イシューの期日を変更するには、リポジトリへの書き込み権限が必要です。
 issues.due_date_not_set=期日は未設定です。
 issues.due_date_added=が期日 %s を追加 %s
+issues.due_date_modified=が期日を %[2]s から %[1]s に変更 %[3]s
 issues.due_date_remove=が期日 %s を削除 %s
 issues.due_date_overdue=期日は過ぎています
 issues.due_date_invalid=期日が正しくないか範囲を超えています。 'yyyy-mm-dd' の形式で入力してください。

package.json

@@ -50,6 +50,7 @@
     "eslint": "8.20.0",
     "eslint-plugin-import": "2.26.0",
     "eslint-plugin-jquery": "1.5.1",
+    "eslint-plugin-sonarjs": "0.13.0",
     "eslint-plugin-unicorn": "43.0.2",
     "eslint-plugin-vue": "9.2.0",
     "jest": "28.1.3",