Adds a Site Admin page to view loaded plugins with:
- Plugin name, version, description
- Features (Database, Web UI, API, Repository, Licensed)
- License status for licensed plugins
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add workflow filter to clear-cancelled, clear-failed, clear-running, clear-old-success
- Add any option to AI Learning runner type filter
- Fix ServerStats int64 types for FileSize template function
- Add CPULoad field with platform-specific implementations
- Fix actions list template with conditional button visibility
- Use Gitea styled modal dialogs for all clear buttons
🤖 Generated with Claude Code
- Add AI Learning admin section for viewing/editing error patterns
- Add server status tiles to admin dashboard (CPU load, memory, disk)
- Auto-refresh dashboard tiles using HTMX
- Fix error template text (GitCaddy Server)
- Dark mode compatibility for all new UI elements
🤖 Generated with Claude Code
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fix lint errors in AI learning MCP tools (interface{} -> any, append pattern)
- Update OAuth realm names from Gitea to GitCaddy
- Update User-Agent strings to GitCaddy
- Update default git user.name, mailer X-Mailer header
- Update API docs descriptions
- Update template comments and swagger descriptions
- Keep Gitea attribution in footer and as OAuth provider option
🤖 Generated with Claude Code
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add Hide Explore Users toggle checkbox to theme settings
- Move Help URL setting inside Theme Configuration section
- Fix closing div tag placement
🤖 Generated with Claude Code (https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Rebrand:
- Binary renamed to gitcaddy-server
- Default AppName: GitCaddy
- New favicon and homepage logo
- Updated licenses.txt with MarketAlly copyright
- Footer: Powered by GitCaddy Server (Based on Gitea)
Homepage:
- Title: GitCaddy
- Tagline: Steeped in your workflow
- AI-Native Platform, Deploy Anywhere, Lightning Fast, Open Source
New Features:
- Explore Organizations tile cards display option
- Pinned repos show DisplayTitle if set
Fixes:
- Pages renamed to Landing Page in settings
Environment Variables (backward compatible):
- GITCADDY__ prefix (GITEA__ still supported)
- GITCADDY_WORK_DIR, GITCADDY_CUSTOM
- Add repository display title field shown in header and explore listings
- Add license settings page with predefined license types
- Auto-create LICENSE.md when license type is selected
- Show license in repo sidebar with link to LICENSE.md
- Add API header link option in theme settings
- Default explore/organizations sort to alphabetical
- Show org DisplayName only in /explore/organizations
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add customizable homepage title and tagline via admin theme settings
- Add ability for site admins to pin organizations to homepage
- Add pinned organization display format option (condensed/regular)
- Hide promotional text when pinned organizations are displayed
- Add database migration for is_homepage_pinned column
- Add custom site icon support for favicon and navbar
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This pull request adds an option to automatically verify SSH keys from
LDAP authentication sources.
This allows a correct authentication and verification workflow for
LDAP-enabled organizations; under normal circumstances SSH keys in LDAP
are not managed by users manually.
Presently, attempting to rename a non-local (e.g. Oauth2 or LDAP) user
results in an error, even if the requester is an administrator. As far
as I can tell, this is a security feature, not architectural in nature,
as automatic account linking could be used to take control of another
user's account. This is not a concern for an administrator, who we
should trust to know what they are doing.
This patch allows admins, and only admins, to rename non-local users.
Fixes https://github.com/go-gitea/gitea/issues/18308 (sort of)
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
The "autofocus" was abused or misbehaved:
1. When users visit a page but they are not going to change a field,
then the field shouldn't get "autofocus"
* the "auth" / "user" page: in most cases, users do not want to change
the names
* see also the GitHub's "settings" page behavior.
2. There shouldn't be duplicate "autofocus" inputs in most cases, only
the first one focuses
3. When a panel is shown, the "autofocus" should get focus
* "add ssh key" panel
This PR fixes all these problems and by the way remove duplicate
"isElemHidden" function.
Fix#880
Design:
1. A global setting `security.TWO_FACTOR_AUTH`.
* To support org-level config, we need to introduce a better "owner
setting" system first (in the future)
2. A user without 2FA can login and may explore, but can NOT read or
write to any repositories via API/web.
3. Keep things as simple as possible.
* This option only aggressively suggest users to enable their 2FA at the
moment, it does NOT guarantee that users must have 2FA before all other
operations, it should be good enough for real world use cases.
* Some details and tests could be improved in the future since this
change only adds a check and seems won't affect too much.
---------
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
This PR uniform all temporary directory usage so that it will be easier
to manage.
Relate to #31792
- [x] Added a new setting to allow users to configure the global
temporary directory.
- [x] Move all temporary files and directories to be placed under
os.Temp()/gitea.
- [x] `setting.Repository.Local.LocalCopyPath` now will be
`setting.TempPath/local-repo` and the customized path is removed.
```diff
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;[repository.local]
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;
-;; Path for local repository copy. Defaults to TEMP_PATH + `local-repo`, this is deprecated and cannot be changed
-;LOCAL_COPY_PATH = local-repo
```
- [x] `setting.Repository.Upload.TempPath` now will be
`settting.TempPath/uploads` and the customized path is removed.
```diff
;[repository.upload]
-;;
-;; Path for uploads. Defaults to TEMP_PATH + `uploads`
-;TEMP_PATH = uploads
```
- [x] `setting.Packages.ChunkedUploadPath` now will be
`settting.TempPath/package-upload` and the customized path is removed.
```diff
;[packages]
-;;
-;; Path for chunked uploads. Defaults it's `package-upload` under `TEMP_PATH` unless it's an absolute path.
-;CHUNKED_UPLOAD_PATH = package-upload
```
- [x] `setting.SSH.KeyTestPath` now will be
`settting.TempPath/ssh_key_test` and the customized path is removed.
```diff
[server]
-;;
-;; Directory to create temporary files in when testing public keys using ssh-keygen,
-;; default is the system temporary directory.
-;SSH_KEY_TEST_PATH =
```
TODO:
- [ ] setting.PprofDataPath haven't been changed because it may need to
be kept until somebody read it but temp path may be clean up any time.
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Fix#33966
```
;; User must sign in to view anything.
;; It could be set to "expensive" to block anonymous users accessing some pages which consume a lot of resources,
;; for example: block anonymous AI crawlers from accessing repo code pages.
;; The "expensive" mode is experimental and subject to change.
;REQUIRE_SIGNIN_VIEW = false
```
Add a "No data available" message to be displayed when the list has no
data. This improves the user experience by providing clear feedback in
an empty state.
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
1. Add a OpenTelemetry-like shim-layer to collect traces
2. Add a simple builtin trace collector and exporter, end users could
download the diagnosis report to get the traces.
This PR's design is quite lightweight, no hard-dependency, and it is
easy to improve or remove. We can try it on gitea.com first to see
whether it works well, and fine tune the details.
---------
Co-authored-by: silverwind <me@silverwind.io>
1. correct the modal usage on "admin email list" page (then
`web_src/js/features/admin/emails.ts` is removed)
2. use `addDelegatedEventListener` instead of `jQuery().on`
3. more jQuery related changes and remove jQuery from
`web_src/js/features/common-button.ts`
4. improve `confirmModal` to make it support header, and remove
incorrect double-escaping
5. fix more typescript related types
6. fine tune devtest pages and add more tests
Part of #27700
Removes all URLs from translation strings to easy up changing them in
the future and to exclude people injecting malicious URLs through
translations. First measure as long as #24402 is out of scope.
This leverages the existing `sync_external_users` cron job to
synchronize the `IsActive` flag on users who use an OAuth2 provider set
to synchronize. This synchronization is done by checking for expired
access tokens, and using the stored refresh token to request a new
access token. If the response back from the OAuth2 provider is the
`invalid_grant` error code, the user is marked as inactive. However, the
user is able to reactivate their account by logging in the web browser
through their OAuth2 flow.
Also changed to support this is that a linked `ExternalLoginUser` is
always created upon a login or signup via OAuth2.
### Notes on updating permissions
Ideally, we would also refresh permissions from the configured OAuth
provider (e.g., admin, restricted and group mappings) to match the
implementation of LDAP. However, the OAuth library used for this `goth`,
doesn't seem to support issuing a session via refresh tokens. The
interface provides a [`RefreshToken`
method](https://github.com/markbates/goth/blob/master/provider.go#L20),
but the returned `oauth.Token` doesn't implement the `goth.Session` we
would need to call `FetchUser`. Due to specific implementations, we
would need to build a compatibility function for every provider, since
they cast to concrete types (e.g.
[Azure](https://github.com/markbates/goth/blob/master/providers/azureadv2/azureadv2.go#L132))
---------
Co-authored-by: Kyle D <kdumontnu@gmail.com>
`overflow-wrap: anywhere` is a superior alternative to `word-wrap:
break-word` and we were already setting it in the class. I tested a few
cases, all look good.
