Merge remote-tracking branch 'go-gitea/main' into admin-user-list-filter

Author: wxiaoguang

custom/conf/app.example.ini

@@ -392,7 +392,7 @@ INTERNAL_TOKEN=
 ;; Enables OAuth2 provider
 ENABLE = true
 ;;
-;; Algorithm used to sign OAuth2 tokens. Valid values: HS256, HS384, HS512, RS256, RS384, RS512, ES256, ES384, ES512
+;; Algorithm used to sign OAuth2 tokens. Valid values: HS256, HS384, HS512, RS256, RS384, RS512, ES256, ES384, ES512, EdDSA
 ;JWT_SIGNING_ALGORITHM = RS256
 ;;
 ;; Private key file path used to sign OAuth2 tokens. The path is relative to APP_DATA_PATH.

models/issue_label.go

@@ -8,6 +8,7 @@ package models
 import (
 	"fmt"
 	"html/template"
+	"math"
 	"regexp"
 	"strconv"
 	"strings"
@@ -138,19 +139,44 @@ func (label *Label) BelongsToRepo() bool {
 	return label.RepoID > 0
 }
 
+// SrgbToLinear converts a component of an sRGB color to its linear intensity
+// See: https://en.wikipedia.org/wiki/SRGB#The_reverse_transformation_(sRGB_to_CIE_XYZ)
+func SrgbToLinear(color uint8) float64 {
+	flt := float64(color) / 255
+	if flt <= 0.04045 {
+		return flt / 12.92
+	}
+	return math.Pow((flt+0.055)/1.055, 2.4)
+}
+
+// Luminance returns the luminance of an sRGB color
+func Luminance(color uint32) float64 {
+	r := SrgbToLinear(uint8(0xFF & (color >> 16)))
+	g := SrgbToLinear(uint8(0xFF & (color >> 8)))
+	b := SrgbToLinear(uint8(0xFF & color))
+
+	// luminance ratios for sRGB
+	return 0.2126*r + 0.7152*g + 0.0722*b
+}
+
+// LuminanceThreshold is the luminance at which white and black appear to have the same contrast
+// i.e. x such that 1.05 / (x + 0.05) = (x + 0.05) / 0.05
+// i.e. math.Sqrt(1.05*0.05) - 0.05
+const LuminanceThreshold float64 = 0.179
+
 // ForegroundColor calculates the text color for labels based
 // on their background color.
 func (label *Label) ForegroundColor() template.CSS {
 	if strings.HasPrefix(label.Color, "#") {
 		if color, err := strconv.ParseUint(label.Color[1:], 16, 64); err == nil {
-			r := float32(0xFF & (color >> 16))
-			g := float32(0xFF & (color >> 8))
-			b := float32(0xFF & color)
-			luminance := (0.2126*r + 0.7152*g + 0.0722*b) / 255
+			// NOTE: see web_src/js/components/ContextPopup.vue for similar implementation
+			luminance := Luminance(uint32(color))
 
-			if luminance < 0.66 {
+			// prefer white or black based upon contrast
+			if luminance < LuminanceThreshold {
 				return template.CSS("#fff")
 			}
+			return template.CSS("#000")
 		}
 	}
 

models/user.go

@@ -1622,14 +1622,7 @@ func (opts *SearchUserOptions) toConds() builder.Cond {
 	}
 
 	if opts.Actor != nil {
-		var exprCond builder.Cond
-		if setting.Database.UseMySQL {
-			exprCond = builder.Expr("org_user.org_id = user.id")
-		} else if setting.Database.UseMSSQL {
-			exprCond = builder.Expr("org_user.org_id = [user].id")
-		} else {
-			exprCond = builder.Expr("org_user.org_id = \"user\".id")
-		}
+		var exprCond builder.Cond = builder.Expr("org_user.org_id = `user`.id")
 
 		// If Admin - they see all users!
 		if !opts.Actor.IsAdmin {

modules/repository/commits.go

@@ -30,6 +30,7 @@ type PushCommits struct {
 	Commits    []*PushCommit
 	HeadCommit *PushCommit
 	CompareURL string
+	Len        int
 
 	avatars    map[string]string
 	emailUsers map[string]*models.User
@@ -180,5 +181,12 @@ func GitToPushCommits(gitCommits []*git.Commit) *PushCommits {
 	for _, commit := range gitCommits {
 		commits = append(commits, CommitToPushCommit(commit))
 	}
-	return &PushCommits{commits, nil, "", make(map[string]string), make(map[string]*models.User)}
+	return &PushCommits{
+		Commits:    commits,
+		HeadCommit: nil,
+		CompareURL: "",
+		Len:        len(commits),
+		avatars:    make(map[string]string),
+		emailUsers: make(map[string]*models.User),
+	}
 }

modules/templates/helper.go

@@ -819,6 +819,11 @@ func ActionContent2Commits(act Actioner) *repository.PushCommits {
 	if err := json.Unmarshal([]byte(act.GetContent()), push); err != nil {
 		log.Error("json.Unmarshal:\n%s\nERROR: %v", act.GetContent(), err)
 	}
+
+	if push.Len == 0 {
+		push.Len = len(push.Commits)
+	}
+
 	return push
 }
 

options/locale/locale_en-US.ini

@@ -900,12 +900,12 @@ migrate.migrate = Migrate From %s
 migrate.migrating = Migrating from <b>%s</b> ...
 migrate.migrating_failed = Migrating from <b>%s</b> failed.
 migrate.migrating_failed.error = Error: %s
-migrate.github.description = Migrating data from Github.com or Github Enterprise.
-migrate.git.description = Migrating or Mirroring git data from Git services
-migrate.gitlab.description = Migrating data from GitLab.com or Self-Hosted gitlab server.
-migrate.gitea.description = Migrating data from Gitea.com or Self-Hosted Gitea server.
-migrate.gogs.description = Migrating data from notabug.org or other Self-Hosted Gogs server.
-migrate.onedev.description = Migrating data from code.onedev.io or Self-Hosted OneDev server.
+migrate.github.description = Migrate data from github.com or other Github instances.
+migrate.git.description = Migrate a repository only from any Git service.
+migrate.gitlab.description = Migrate data from gitlab.com or other GitLab instances.
+migrate.gitea.description = Migrate data from gitea.com or other Gitea instances.
+migrate.gogs.description = Migrate data from notabug.org or other Gogs instances.
+migrate.onedev.description = Migrate data from code.onedev.io or other OneDev instances.
 migrate.migrating_git = Migrating Git Data
 migrate.migrating_topics = Migrating Topics
 migrate.migrating_milestones = Migrating Milestones

options/locale/locale_pt-BR.ini

@@ -707,6 +707,7 @@ use_template=Usar este modelo
 clone_in_vsc=Clonar no VS Code
 download_zip=Baixar ZIP
 download_tar=Baixar TAR.GZ
+download_bundle=Baixar PACOTE
 generate_repo=Gerar repositório
 generate_from=Gerar de
 repo_desc=Descrição

options/locale/locale_pt-PT.ini

@@ -771,6 +771,7 @@ use_template=Usar este modelo
 clone_in_vsc=Clonar no VS Code
 download_zip=Descarregar ZIP
 download_tar=Descarregar TAR.GZ
+download_bundle=Descarregar PACOTE
 generate_repo=Gerar repositório
 generate_from=Gerar a partir de
 repo_desc=Descrição

routers/web/user/oauth.go

@@ -546,7 +546,7 @@ func AccessTokenOAuth(ctx *context.Context) {
 
 	signingKey := oauth2.DefaultSigningKey
 	if signingKey.IsSymmetric() {
-		clientKey, err := oauth2.CreateJWTSingingKey(signingKey.SigningMethod().Alg(), []byte(form.ClientSecret))
+		clientKey, err := oauth2.CreateJWTSigningKey(signingKey.SigningMethod().Alg(), []byte(form.ClientSecret))
 		if err != nil {
 			handleAccessTokenError(ctx, AccessTokenError{
 				ErrorCode:        AccessTokenErrorCodeInvalidRequest,

routers/web/user/oauth_test.go

@@ -15,7 +15,7 @@ import (
 )
 
 func createAndParseToken(t *testing.T, grant *models.OAuth2Grant) *oauth2.OIDCToken {
-	signingKey, err := oauth2.CreateJWTSingingKey("HS256", make([]byte, 32))
+	signingKey, err := oauth2.CreateJWTSigningKey("HS256", make([]byte, 32))
 	assert.NoError(t, err)
 	assert.NotNil(t, signingKey)
 	oauth2.DefaultSigningKey = signingKey

services/auth/source/oauth2/jwtsigningkey.go

@@ -6,6 +6,7 @@ package oauth2
 
 import (
 	"crypto/ecdsa"
+	"crypto/ed25519"
 	"crypto/elliptic"
 	"crypto/rand"
 	"crypto/rsa"
@@ -129,6 +130,57 @@ func (key rsaSingingKey) PreProcessToken(token *jwt.Token) {
 	token.Header["kid"] = key.id
 }
 
+type eddsaSigningKey struct {
+	signingMethod jwt.SigningMethod
+	key           ed25519.PrivateKey
+	id            string
+}
+
+func newEdDSASingingKey(signingMethod jwt.SigningMethod, key ed25519.PrivateKey) (eddsaSigningKey, error) {
+	kid, err := createPublicKeyFingerprint(key.Public().(ed25519.PublicKey))
+	if err != nil {
+		return eddsaSigningKey{}, err
+	}
+
+	return eddsaSigningKey{
+		signingMethod,
+		key,
+		base64.RawURLEncoding.EncodeToString(kid),
+	}, nil
+}
+
+func (key eddsaSigningKey) IsSymmetric() bool {
+	return false
+}
+
+func (key eddsaSigningKey) SigningMethod() jwt.SigningMethod {
+	return key.signingMethod
+}
+
+func (key eddsaSigningKey) SignKey() interface{} {
+	return key.key
+}
+
+func (key eddsaSigningKey) VerifyKey() interface{} {
+	return key.key.Public()
+}
+
+func (key eddsaSigningKey) ToJWK() (map[string]string, error) {
+	pubKey := key.key.Public().(ed25519.PublicKey)
+
+	return map[string]string{
+		"alg": key.SigningMethod().Alg(),
+		"kid": key.id,
+		"kty": "OKP",
+		"crv": "Ed25519",
+		"x":   base64.RawURLEncoding.EncodeToString(pubKey),
+	}, nil
+}
+
+func (key eddsaSigningKey) PreProcessToken(token *jwt.Token) {
+	token.Header["kid"] = key.id
+}
+
 type ecdsaSingingKey struct {
 	signingMethod jwt.SigningMethod
 	key           *ecdsa.PrivateKey
@@ -194,8 +246,8 @@ func createPublicKeyFingerprint(key interface{}) ([]byte, error) {
 	return checksum[:], nil
 }
 
-// CreateJWTSingingKey creates a signing key from an algorithm / key pair.
-func CreateJWTSingingKey(algorithm string, key interface{}) (JWTSigningKey, error) {
+// CreateJWTSigningKey creates a signing key from an algorithm / key pair.
+func CreateJWTSigningKey(algorithm string, key interface{}) (JWTSigningKey, error) {
 	var signingMethod jwt.SigningMethod
 	switch algorithm {
 	case "HS256":
@@ -218,11 +270,19 @@ func CreateJWTSingingKey(algorithm string, key interface{}) (JWTSigningKey, erro
 		signingMethod = jwt.SigningMethodES384
 	case "ES512":
 		signingMethod = jwt.SigningMethodES512
+	case "EdDSA":
+		signingMethod = jwt.SigningMethodEdDSA
 	default:
 		return nil, ErrInvalidAlgorithmType{algorithm}
 	}
 
 	switch signingMethod.(type) {
+	case *jwt.SigningMethodEd25519:
+		privateKey, ok := key.(ed25519.PrivateKey)
+		if !ok {
+			return nil, jwt.ErrInvalidKeyType
+		}
+		return newEdDSASingingKey(signingMethod, privateKey)
 	case *jwt.SigningMethodECDSA:
 		privateKey, ok := key.(*ecdsa.PrivateKey)
 		if !ok {
@@ -271,17 +331,19 @@ func InitSigningKey() error {
 	case "ES384":
 		fallthrough
 	case "ES512":
+		fallthrough
+	case "EdDSA":
 		key, err = loadOrCreateAsymmetricKey()
 
 	default:
 		return ErrInvalidAlgorithmType{setting.OAuth2.JWTSigningAlgorithm}
 	}
 
 	if err != nil {
-		return fmt.Errorf("Error while loading or creating symmetric key: %v", err)
+		return fmt.Errorf("Error while loading or creating JWT key: %v", err)
 	}
 
-	signingKey, err := CreateJWTSingingKey(setting.OAuth2.JWTSigningAlgorithm, key)
+	signingKey, err := CreateJWTSigningKey(setting.OAuth2.JWTSigningAlgorithm, key)
 	if err != nil {
 		return err
 	}
@@ -324,10 +386,15 @@ func loadOrCreateAsymmetricKey() (interface{}, error) {
 	if !isExist {
 		err := func() error {
 			key, err := func() (interface{}, error) {
-				if strings.HasPrefix(setting.OAuth2.JWTSigningAlgorithm, "RS") {
+				switch {
+				case strings.HasPrefix(setting.OAuth2.JWTSigningAlgorithm, "RS"):
 					return rsa.GenerateKey(rand.Reader, 4096)
+				case setting.OAuth2.JWTSigningAlgorithm == "EdDSA":
+					_, pk, err := ed25519.GenerateKey(rand.Reader)
+					return pk, err
+				default:
+					return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
 				}
-				return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
 			}()
 			if err != nil {
 				return err

templates/repo/migrate/gitea.tmpl

@@ -54,7 +54,7 @@
 							<label></label>
 							<div class="ui checkbox">
 								<input name="pull_requests" type="checkbox" {{if .pull_requests}} checked{{end}}>
-								<label>{{.i18n.Tr "repo.migrate_items_merge_requests" | Safe}}</label>
+								<label>{{.i18n.Tr "repo.migrate_items_pullrequests" | Safe}}</label>
 							</div>
 							<div class="ui checkbox">
 								<input name="releases" type="checkbox" {{if .releases}} checked{{end}}>

templates/user/dashboard/feeds.tmpl

@@ -99,7 +99,7 @@
 										</span>
 									</li>
 								{{end}}
-								{{if and (gt (len $push.Commits) 1) $push.CompareURL}}<li><a href="{{AppSubUrl}}/{{$push.CompareURL}}">{{$.i18n.Tr "action.compare_commits" (len $push.Commits)}} »</a></li>{{end}}
+								{{if and (gt $push.Len 1) $push.CompareURL}}<li><a href="{{AppSubUrl}}/{{$push.CompareURL}}">{{$.i18n.Tr "action.compare_commits" $push.Len}} »</a></li>{{end}}
 							</ul>
 						</div>
 					{{else if eq .GetOpType 6}}

web_src/js/components/ContextPopup.vue

@@ -24,6 +24,22 @@ import {SvgIcon} from '../svg.js';
 
 const {AppSubUrl} = window.config;
 
+// NOTE: see models/issue_label.go for similar implementation
+const srgbToLinear = (color) => {
+  color /= 255;
+  if (color <= 0.04045) {
+    return color / 12.92;
+  }
+  return ((color + 0.055) / 1.055) ** 2.4;
+};
+const luminance = (colorString) => {
+  const r = srgbToLinear(parseInt(colorString.substring(0, 2), 16));
+  const g = srgbToLinear(parseInt(colorString.substring(2, 4), 16));
+  const b = srgbToLinear(parseInt(colorString.substring(4, 6), 16));
+  return 0.2126 * r + 0.7152 * g + 0.0722 * b;
+};
+const luminanceThreshold = 0.179;
+
 export default {
   name: 'ContextPopup',
 
@@ -74,14 +90,13 @@ export default {
 
     labels() {
       return this.issue.labels.map((label) => {
-        const red = parseInt(label.color.substring(0, 2), 16);
-        const green = parseInt(label.color.substring(2, 4), 16);
-        const blue = parseInt(label.color.substring(4, 6), 16);
-        let color = '#ffffff';
-        if ((red * 0.299 + green * 0.587 + blue * 0.114) > 125) {
-          color = '#000000';
+        let textColor;
+        if (luminance(label.color) < luminanceThreshold) {
+          textColor = '#ffffff';
+        } else {
+          textColor = '#000000';
         }
-        return {name: label.name, color: `#${label.color}`, textColor: color};
+        return {name: label.name, color: `#${label.color}`, textColor};
       });
     }
   },