Branch name
- master -> main

* Added additional email headers.

* Added tests.
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

* Double the avatar size factor

This results on finer Avatar rendering on Hi-DPI display.

* fix test
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>

* bump postgres and mysql DB versions

* posgres test against v10
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>

* add a new internal hook to save ssh log

as title, when a ssh error ocure like #15785.
only when switch ``RUN_MODE`` to dev can we
found which error is ocure. But this way is
not a good idea for production envirment.

this changes try save ssh error mesage to the
log file like other log by a new internal hook.
I think it's usefull for find error message
in production envirment. Thanks.
Signed-off-by: a1012112796 <1012112796@qq.com>

* rename and fix nit

* Update modules/private/hook.go
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>

Signed-off-by: JustusBunsi <61625851+justusbunsi@users.noreply.github.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

fix #15047
Co-authored-by: techknowlogick <techknowlogick@gitea.io>

Forgot these in https://github.com/go-gitea/gitea/pull/15804.

* Encrypt LDAP bind password in db with SECRET_KEY

The LDAP source bind password are currently stored in plaintext in the db
This PR simply encrypts them with the setting.SECRET_KEY.

Fix #15460
Signed-off-by: Andrew Thornton <art27@cantab.net>

* remove ui warning regarding unencrypted password
Co-authored-by: silverwind <me@silverwind.io>

We already serve licenses.txt so we don't need these inline comments
preserved during esbuild minification. Saves around 4kB before gzip.

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>

* Fix and restyle menu on code line

* fix multiline and more tweaks

* move to separate files

* remove has-context-menu class
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>

There was a small regression in #15303 whereby token auth
with 2FA active would be disallowed.

This PR fixes this.
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>

* continously -> continuously
* continous -> continuous

`Requires=` has the behaviour of stopping `gitea.service` when the
database is stopped but not bringing it up again after the database is
started again. Use `Wants=` to define a weak requirement instead,
meaning `gitea.service` will be kept running when the database is
stopped, which is not an issue because gitea will just reconnect later
on.

Fixes: https://github.com/go-gitea/gitea/issues/15866

Co-authored-by: zeripath <art27@cantab.net>

* don't prompt interactively for clone credentials

* apply GIT_TERMINAL_PROMPT=0 to all git cmds
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

- Replace remaining font icons with SVG in issue sidebar
- Rework issue due date display
- Realign avatar in timeline
- Fix font size in repo search and code explore
- Consolidate active button styles
- Fix loading form on arc-green
- Align time tracker buttons vertically

Fixes: https://github.com/go-gitea/gitea/issues/15896

Move the token API discussion into a common section discussing the
generation and listing of the tokens.  Add a note on the display of
the sha1 during creation and listing.
Co-authored-by: Norwin <noerw@users.noreply.github.com>

If the gitea service is stopped because of the db going down
it needs an `After=db.service` to ensure it is restarted in
addition to the `Requires=db.service` to ensure that the db
is started before gitea is started.

Fix #15866
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

The Tor browser does not use the system-ui font and no other fonts in the stack match
its default fonts. In fact it is possible that it will in future only
match generic fonts. This means that all rendering will first try the
emoji fonts before falling back to the sans-serif font for glyphs.

In this case has the emoji fall back fonts for Tor contains empty glyphs
for numbers - in order to protect privacy - and leads to numbers being
rendered as empty glyphs. This is clearly not ideal and whilst we could
use the Arimo font - as I state above I suspect that Tor will eventually
ban detecting this and we should instead move the sans-serif font higher
in the stack so that it matches before the emoji fonts.

Partial fix of #15844
Signed-off-by: Andrew Thornton <art27@cantab.net>

* GitHub: migrate draft releases too

* refactor

* Hold the event source when there are no listeners

The event source does not need to run when there are no listeners. Therefore
pause it when there are none.

* add some more logging
Signed-off-by: Andrew Thornton <art27@cantab.net>

* Create a session on ReverseProxy and ensure that ReverseProxy users cannot change username

ReverseProxy users should generate a session on reverse proxy username change.

Also prevent ReverseProxy users from changing their username.

Fix #2407

* add testcase
Signed-off-by: Andrew Thornton <art27@cantab.net>

* Prevent double-login for Git HTTP and LFS and simplify login

There are a number of inconsistencies with our current methods for
logging in for git and lfs. The first is that there is a double login
process. This is particularly evident in 1.13 where there are no less
than 4 hash checks for basic authentication due to the previous
IsPasswordSet behaviour.

This duplicated code had individual inconsistencies that were not
helpful and caused confusion.

This PR does the following:

* Remove the specific login code from the git and lfs handlers except
for the lfs special bearer token
* Simplify the meaning of DisableBasicAuthentication to allow Token and
Oauth2 sign-in.
* The removal of the specific code from git and lfs means that these
both now have the same login semantics and can - if not
DisableBasicAuthentication - login from external services. Further it
allows Oauth2 token authentication as per our standard mechanisms.
* The change in the recovery handler prevents the service from
re-attempting to login - primarily because this could easily cause a
further panic and it is wasteful.

* add test
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Andrew Thornton <art27@cantab.net>

Multiple Queue improvements: LevelDB Wait on empty, shutdown empty shadow level queue, reduce goroutines etc (#15693)

* move shutdownfns, terminatefns and hammerfns out of separate goroutines

Coalesce the shutdownfns etc into a list of functions that get run at shutdown
rather then have them run at goroutines blocked on selects.

This may help reduce the background select/poll load in certain
configurations.

* The LevelDB queues can actually wait on empty instead of polling

Slight refactor to cause leveldb queues to wait on empty instead of polling.

* Shutdown the shadow level queue once it is empty

* Remove bytefifo additional goroutine for readToChan as it can just be run in run

* Remove additional removeWorkers goroutine for workers

* Simplify the AtShutdown and AtTerminate functions and add Channel Flusher

* Add shutdown flusher to CUQ

* move persistable channel shutdown stuff to Shutdown Fn

* Ensure that UPCQ has the correct config

* handle shutdown during the flushing

* reduce risk of race between zeroBoost and addWorkers

* prevent double shutdown
Signed-off-by: Andrew Thornton <art27@cantab.net>

* fix blame row alignment on firefox

* fix blame row alignment in chrome

* fix blame row alignment in safari

as per @silverwind
Co-authored-by: techknowlogick <techknowlogick@gitea.io>

Signed-off-by: Andrew Thornton <art27@cantab.net>