zjjhot
diff --git a/‎.eslintrc.yaml‎
Lines changed: 33 additions & 0 deletions b/‎.eslintrc.yaml‎
Lines changed: 33 additions & 0 deletions
diff --git a/‎Makefile‎
Lines changed: 1 addition & 1 deletion b/‎Makefile‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎cmd/web.go‎
Lines changed: 2 additions & 1 deletion b/‎cmd/web.go‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎docs/content/doc/advanced/config-cheat-sheet.en-us.md‎
Lines changed: 1 addition & 1 deletion b/‎docs/content/doc/advanced/config-cheat-sheet.en-us.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎docs/content/doc/help/seek-help.en-us.md‎
Lines changed: 4 additions & 3 deletions b/‎docs/content/doc/help/seek-help.en-us.md‎
Lines changed: 4 additions & 3 deletions
diff --git a/‎docs/content/doc/installation/from-package.en-us.md‎
Lines changed: 2 additions & 2 deletions b/‎docs/content/doc/installation/from-package.en-us.md‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎integrations/api_repo_raw_test.go‎
Lines changed: 6 additions & 2 deletions b/‎integrations/api_repo_raw_test.go‎
Lines changed: 6 additions & 2 deletions
diff --git a/‎models/repo/repo_list.go‎
Lines changed: 4 additions & 0 deletions b/‎models/repo/repo_list.go‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎models/user/search.go‎
Lines changed: 4 additions & 11 deletions b/‎models/user/search.go‎
Lines changed: 4 additions & 11 deletions
diff --git a/‎modules/context/api.go‎
Lines changed: 2 additions & 0 deletions b/‎modules/context/api.go‎
Lines changed: 2 additions & 0 deletions
@@ -12,6 +12,7 @@ plugins:
   - eslint-plugin-unicorn
   - eslint-plugin-import
   - eslint-plugin-jquery
+  - eslint-plugin-sonarjs
 
 env:
   es2022: true
@@ -369,6 +370,38 @@ rules:
   semi-spacing: [2, {before: false, after: true}]
   semi-style: [2, last]
   semi: [2, always, {omitLastInOneLineBlock: true}]
+  sonarjs/cognitive-complexity: [0]
+  sonarjs/elseif-without-else: [0]
+  sonarjs/max-switch-cases: [0]
+  sonarjs/no-all-duplicated-branches: [2]
+  sonarjs/no-collapsible-if: [0]
+  sonarjs/no-collection-size-mischeck: [2]
+  sonarjs/no-duplicate-string: [0]
+  sonarjs/no-duplicated-branches: [0]
+  sonarjs/no-element-overwrite: [2]
+  sonarjs/no-empty-collection: [2]
+  sonarjs/no-extra-arguments: [0]
+  sonarjs/no-gratuitous-expressions: [2]
+  sonarjs/no-identical-conditions: [2]
+  sonarjs/no-identical-expressions: [0]
+  sonarjs/no-identical-functions: [0]
+  sonarjs/no-ignored-return: [2]
+  sonarjs/no-inverted-boolean-check: [2]
+  sonarjs/no-nested-switch: [0]
+  sonarjs/no-nested-template-literals: [0]
+  sonarjs/no-one-iteration-loop: [2]
+  sonarjs/no-redundant-boolean: [2]
+  sonarjs/no-redundant-jump: [0]
+  sonarjs/no-same-line-conditional: [2]
+  sonarjs/no-small-switch: [0]
+  sonarjs/no-unused-collection: [2]
+  sonarjs/no-use-of-empty-return-value: [2]
+  sonarjs/no-useless-catch: [0]
+  sonarjs/non-existent-operator: [2]
+  sonarjs/prefer-immediate-return: [0]
+  sonarjs/prefer-object-literal: [0]
+  sonarjs/prefer-single-boolean-return: [0]
+  sonarjs/prefer-while: [2]
   sort-imports: [0]
   sort-keys: [0]
   sort-vars: [0]
 
@@ -29,7 +29,7 @@ AIR_PACKAGE ?= github.com/cosmtrek/[email protected]
 EDITORCONFIG_CHECKER_PACKAGE ?= github.com/editorconfig-checker/editorconfig-checker/cmd/[email protected]
 ERRCHECK_PACKAGE ?= github.com/kisielk/[email protected]
 GOFUMPT_PACKAGE ?= mvdan.cc/[email protected]
-GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/cmd/[email protected].1
+GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/cmd/[email protected].0
 GXZ_PAGAGE ?= github.com/ulikunitz/xz/cmd/[email protected]
 MISSPELL_PACKAGE ?= github.com/client9/misspell/cmd/[email protected]
 SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/[email protected]
 
@@ -148,8 +148,9 @@ func runWeb(ctx *cli.Context) error {
 		go func() {
 			http.DefaultServeMux.Handle("/debug/fgprof", fgprof.Handler())
 			_, _, finished := process.GetManager().AddTypedContext(context.Background(), "Web: PProf Server", process.SystemProcessType, true)
+			// The pprof server is for debug purpose only, it shouldn't be exposed on public network. At the moment it's not worth to introduce a configurable option for it.
 			log.Info("Starting pprof server on localhost:6060")
-			log.Info("%v", http.ListenAndServe("localhost:6060", nil))
+			log.Info("Stopped pprof server: %v", http.ListenAndServe("localhost:6060", nil))
 			finished()
 		}()
 	}
 
@@ -300,7 +300,7 @@ The following configuration set `Content-Type: application/vnd.android.package-a
 - `APP_DATA_PATH`: **data** (**/data/gitea** on docker): Default path for application data.
 - `STATIC_CACHE_TIME`: **6h**: Web browser cache time for static resources on `custom/`, `public/` and all uploaded avatars. Note that this cache is disabled when `RUN_MODE` is "dev".
 - `ENABLE_GZIP`: **false**: Enable gzip compression for runtime-generated content, static resources excluded.
-- `ENABLE_PPROF`: **false**: Application profiling (memory and cpu). For "web" command it listens on localhost:6060. For "serv" command it dumps to disk at `PPROF_DATA_PATH` as `(cpuprofile|memprofile)_<username>_<temporary id>`
+- `ENABLE_PPROF`: **false**: Application profiling (memory and cpu). For "web" command it listens on `localhost:6060`. For "serv" command it dumps to disk at `PPROF_DATA_PATH` as `(cpuprofile|memprofile)_<username>_<temporary id>`
 - `PPROF_DATA_PATH`: **data/tmp/pprof**: `PPROF_DATA_PATH`, use an absolute path when you start Gitea as service
 - `LANDING_PAGE`: **home**: Landing page for unauthenticated users \[home, explore, organizations, login, **custom**\]. Where custom would instead be any URL such as "/org/repo" or even `https://anotherwebsite.com`
 - `LFS_START_SERVER`: **false**: Enables Git LFS support.
 
@@ -44,12 +44,13 @@ menu:
     * This will greatly improve the chance that the root of the issue can be quickly discovered and resolved.
 5. If you meet slow/hanging/deadlock problems, please report the stack trace when the problem occurs:
     1. Enable pprof in `app.ini` and restart Gitea
-    ```
+    ```ini
     [server]
     ENABLE_PPROF = true
     ```
-    2. Trigger the bug, when Gitea gets stuck, use curl or browser to visit: `http://127.0.0.1:6060/debug/pprof/goroutine?debug=1` (IP is `127.0.0.1` and port is `6060`)
-    3. Report the output (the stack trace doesn't contain sensitive data)
+    2. Trigger the bug, when Gitea gets stuck, use curl or browser to visit: `http://127.0.0.1:6060/debug/pprof/goroutine?debug=1` (IP must be `127.0.0.1` and port must be `6060`). 
+    3. If you are using Docker, please use `docker exec -it <container-name> curl "http://127.0.0.1:6060/debug/pprof/goroutine?debug=1"`.
+    4. Report the output (the stack trace doesn't contain sensitive data)
 
 ## Bugs
 
 
@@ -47,9 +47,9 @@ pacman -S gitea
 
 There is a [Gitea Snap](https://snapcraft.io/gitea) package which follows the latest stable version.
 
-``sh
+```sh
 snap install gitea
-``
+```
 
 ## SUSE and openSUSE
 
 
@@ -10,6 +10,8 @@ import (
 
 	"code.gitea.io/gitea/models/unittest"
 	user_model "code.gitea.io/gitea/models/user"
+
+	"github.com/stretchr/testify/assert"
 )
 
 func TestAPIReposRaw(t *testing.T) {
@@ -25,9 +27,11 @@ func TestAPIReposRaw(t *testing.T) {
 		"65f1bf27bc3bf70f64657658635e66094edbcb4d", // Commit
 	} {
 		req := NewRequestf(t, "GET", "/api/v1/repos/%s/repo1/raw/%s/README.md?token="+token, user.Name, ref)
-		session.MakeRequest(t, req, http.StatusOK)
+		resp := session.MakeRequest(t, req, http.StatusOK)
+		assert.EqualValues(t, "file", resp.Header().Get("x-gitea-object-type"))
 	}
 	// Test default branch
 	req := NewRequestf(t, "GET", "/api/v1/repos/%s/repo1/raw/README.md?token="+token, user.Name)
-	session.MakeRequest(t, req, http.StatusOK)
+	resp := session.MakeRequest(t, req, http.StatusOK)
+	assert.EqualValues(t, "file", resp.Header().Get("x-gitea-object-type"))
 }
@@ -6,6 +6,7 @@ package repo
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"strings"
 
@@ -695,6 +696,9 @@ func GetUserRepositories(opts *SearchRepoOptions) (RepositoryList, int64, error)
 	}
 
 	cond := builder.NewCond()
+	if opts.Actor == nil {
+		return nil, 0, errors.New("GetUserRepositories: Actor is needed but not given")
+	}
 	cond = cond.And(builder.Eq{"owner_id": opts.Actor.ID})
 	if !opts.Private {
 		cond = cond.And(builder.Eq{"is_private": false})
 
@@ -59,25 +59,18 @@ func (opts *SearchUserOptions) toSearchQueryBase() *xorm.Session {
 	}
 
 	if opts.Actor != nil {
-		exprCond := builder.Expr("org_user.org_id = `user`.id")
-
 		// If Admin - they see all users!
 		if !opts.Actor.IsAdmin {
-			// Force visibility for privacy
-			var accessCond builder.Cond
+			// Users can see an organization they are a member of
+			accessCond := builder.In("id", builder.Select("org_id").From("org_user").Where(builder.Eq{"uid": opts.Actor.ID}))
 			if !opts.Actor.IsRestricted {
-				accessCond = builder.Or(
-					builder.In("id", builder.Select("org_id").From("org_user").LeftJoin("`user`", exprCond).Where(builder.And(builder.Eq{"uid": opts.Actor.ID}, builder.Eq{"visibility": structs.VisibleTypePrivate}))),
-					builder.In("visibility", structs.VisibleTypePublic, structs.VisibleTypeLimited))
-			} else {
-				// restricted users only see orgs they are a member of
-				accessCond = builder.In("id", builder.Select("org_id").From("org_user").LeftJoin("`user`", exprCond).Where(builder.And(builder.Eq{"uid": opts.Actor.ID})))
+				// Not-Restricted users can see public and limited users/organizations
+				accessCond = accessCond.Or(builder.In("visibility", structs.VisibleTypePublic, structs.VisibleTypeLimited))
 			}
 			// Don't forget about self
 			accessCond = accessCond.Or(builder.Eq{"id": opts.Actor.ID})
 			cond = cond.And(accessCond)
 		}
-
 	} else {
 		// Force visibility for privacy
 		// Not logged in - only public users
 
@@ -16,6 +16,7 @@ import (
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/modules/cache"
 	"code.gitea.io/gitea/modules/git"
+	"code.gitea.io/gitea/modules/httpcache"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/web/middleware"
@@ -268,6 +269,7 @@ func APIContexter() func(http.Handler) http.Handler {
 				}
 			}
 
+			httpcache.AddCacheControlToHeader(ctx.Resp.Header(), 0, "no-transform")
 			ctx.Resp.Header().Set(`X-Frame-Options`, setting.CORSConfig.XFrameOptions)
 
 			ctx.Data["Context"] = &ctx
Original file line number	Diff line number	Diff line change
`@@ -16,6 +16,7 @@ import (`
`16`	`16`	`repo_model "code.gitea.io/gitea/models/repo"`
`17`	`17`	`"code.gitea.io/gitea/modules/cache"`
`18`	`18`	`"code.gitea.io/gitea/modules/git"`
	`19`	`+ "code.gitea.io/gitea/modules/httpcache"`
`19`	`20`	`"code.gitea.io/gitea/modules/log"`
`20`	`21`	`"code.gitea.io/gitea/modules/setting"`
`21`	`22`	`"code.gitea.io/gitea/modules/web/middleware"`
`@@ -268,6 +269,7 @@ func APIContexter() func(http.Handler) http.Handler {`
`268`	`269`	`}`
`269`	`270`	`}`
`270`	`271`
	`272`	`+ httpcache.AddCacheControlToHeader(ctx.Resp.Header(), 0, "no-transform")`
`271`	`273`	ctx.Resp.Header().Set(`X-Frame-Options`, setting.CORSConfig.XFrameOptions)
`272`	`274`
`273`	`275`	`ctx.Data["Context"] = &ctx`