Adding upstream version 9.0.0.upstream/9.0.0upstreamdebian

Signed-off-by: Daniel Baumann <daniel@debian.org>

5 files changed, 548 insertions, 0 deletions

diff --git a/modules/base/base.go b/modules/base/base.go
new file mode 100644
index 0000000..dddce20
--- /dev/null
+++ b/modules/base/base.go
@@ -0,0 +1,9 @@
+// Copyright 2014 The Gogs Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package base
+
+type (
+	// TplName template relative path type
+	TplName string
+)
diff --git a/modules/base/natural_sort.go b/modules/base/natural_sort.go
new file mode 100644
index 0000000..5b5febb
--- /dev/null
+++ b/modules/base/natural_sort.go
@@ -0,0 +1,90 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package base
+
+import (
+	"math/big"
+	"strings"
+	"unicode/utf8"
+)
+
+// NaturalSortLess compares two strings so that they could be sorted in natural order
+func NaturalSortLess(s1, s2 string) bool {
+	s1, s2 = strings.ToLower(s1), strings.ToLower(s2)
+	var i1, i2 int
+	for {
+		rune1, j1, end1 := getNextRune(s1, i1)
+		rune2, j2, end2 := getNextRune(s2, i2)
+		if end1 || end2 {
+			return end1 != end2 && end1
+		}
+		dec1 := isDecimal(rune1)
+		dec2 := isDecimal(rune2)
+		var less, equal bool
+		if dec1 && dec2 {
+			i1, i2, less, equal = compareByNumbers(s1, i1, s2, i2)
+		} else if !dec1 && !dec2 {
+			equal = rune1 == rune2
+			less = rune1 < rune2
+			i1 = j1
+			i2 = j2
+		} else {
+			return rune1 < rune2
+		}
+		if !equal {
+			return less
+		}
+	}
+}
+
+func getNextRune(str string, pos int) (rune, int, bool) {
+	if pos < len(str) {
+		r, w := utf8.DecodeRuneInString(str[pos:])
+		// Fallback to ascii
+		if r == utf8.RuneError {
+			r = rune(str[pos])
+			w = 1
+		}
+		return r, pos + w, false
+	}
+	return 0, pos, true
+}
+
+func isDecimal(r rune) bool {
+	return '0' <= r && r <= '9'
+}
+
+func compareByNumbers(str1 string, pos1 int, str2 string, pos2 int) (i1, i2 int, less, equal bool) {
+	d1, d2 := true, true
+	var dec1, dec2 string
+	for d1 || d2 {
+		if d1 {
+			r, j, end := getNextRune(str1, pos1)
+			if !end && isDecimal(r) {
+				dec1 += string(r)
+				pos1 = j
+			} else {
+				d1 = false
+			}
+		}
+		if d2 {
+			r, j, end := getNextRune(str2, pos2)
+			if !end && isDecimal(r) {
+				dec2 += string(r)
+				pos2 = j
+			} else {
+				d2 = false
+			}
+		}
+	}
+	less, equal = compareBigNumbers(dec1, dec2)
+	return pos1, pos2, less, equal
+}
+
+func compareBigNumbers(dec1, dec2 string) (less, equal bool) {
+	d1, _ := big.NewInt(0).SetString(dec1, 10)
+	d2, _ := big.NewInt(0).SetString(dec2, 10)
+	cmp := d1.Cmp(d2)
+	return cmp < 0, cmp == 0
+}
diff --git a/modules/base/natural_sort_test.go b/modules/base/natural_sort_test.go
new file mode 100644
index 0000000..7378d9a
--- /dev/null
+++ b/modules/base/natural_sort_test.go
@@ -0,0 +1,29 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package base
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestNaturalSortLess(t *testing.T) {
+	test := func(s1, s2 string, less bool) {
+		assert.Equal(t, less, NaturalSortLess(s1, s2))
+	}
+	test("v1.20.0", "v1.2.0", false)
+	test("v1.20.0", "v1.29.0", true)
+	test("v1.20.0", "v1.20.0", false)
+	test("abc", "bcd", true)
+	test("a-1-a", "a-1-b", true)
+	test("2", "12", true)
+	test("a", "ab", true)
+
+	// Test for case insensitive.
+	test("A", "ab", true)
+	test("B", "ab", false)
+	test("a", "AB", true)
+	test("b", "AB", false)
+}
diff --git a/modules/base/tool.go b/modules/base/tool.go
new file mode 100644
index 0000000..7612fff
--- /dev/null
+++ b/modules/base/tool.go
@@ -0,0 +1,234 @@
+// Copyright 2014 The Gogs Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package base
+
+import (
+	"crypto/hmac"
+	"crypto/sha1"
+	"crypto/sha256"
+	"crypto/subtle"
+	"encoding/base64"
+	"encoding/hex"
+	"errors"
+	"fmt"
+	"hash"
+	"os"
+	"path/filepath"
+	"runtime"
+	"strconv"
+	"strings"
+	"time"
+	"unicode/utf8"
+
+	"code.gitea.io/gitea/modules/git"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/setting"
+
+	"github.com/dustin/go-humanize"
+)
+
+// EncodeSha256 string to sha256 hex value.
+func EncodeSha256(str string) string {
+	h := sha256.New()
+	_, _ = h.Write([]byte(str))
+	return hex.EncodeToString(h.Sum(nil))
+}
+
+// ShortSha is basically just truncating.
+// It is DEPRECATED and will be removed in the future.
+func ShortSha(sha1 string) string {
+	return TruncateString(sha1, 10)
+}
+
+// BasicAuthDecode decode basic auth string
+func BasicAuthDecode(encoded string) (string, string, error) {
+	s, err := base64.StdEncoding.DecodeString(encoded)
+	if err != nil {
+		return "", "", err
+	}
+
+	if username, password, ok := strings.Cut(string(s), ":"); ok {
+		return username, password, nil
+	}
+	return "", "", errors.New("invalid basic authentication")
+}
+
+// VerifyTimeLimitCode verify time limit code
+func VerifyTimeLimitCode(now time.Time, data string, minutes int, code string) bool {
+	if len(code) <= 18 {
+		return false
+	}
+
+	startTimeStr := code[:12]
+	aliveTimeStr := code[12:18]
+	aliveTime, _ := strconv.Atoi(aliveTimeStr) // no need to check err, if anything wrong, the following code check will fail soon
+
+	// check code
+	retCode := CreateTimeLimitCode(data, aliveTime, startTimeStr, nil)
+	if subtle.ConstantTimeCompare([]byte(retCode), []byte(code)) != 1 {
+		retCode = CreateTimeLimitCode(data, aliveTime, startTimeStr, sha1.New()) // TODO: this is only for the support of legacy codes, remove this in/after 1.23
+		if subtle.ConstantTimeCompare([]byte(retCode), []byte(code)) != 1 {
+			return false
+		}
+	}
+
+	// check time is expired or not: startTime <= now && now < startTime + minutes
+	startTime, _ := time.ParseInLocation("200601021504", startTimeStr, time.Local)
+	return (startTime.Before(now) || startTime.Equal(now)) && now.Before(startTime.Add(time.Minute*time.Duration(minutes)))
+}
+
+// TimeLimitCodeLength default value for time limit code
+const TimeLimitCodeLength = 12 + 6 + 40
+
+// CreateTimeLimitCode create a time-limited code.
+// Format: 12 length date time string + 6 minutes string (not used) + 40 hash string, some other code depends on this fixed length
+// If h is nil, then use the default hmac hash.
+func CreateTimeLimitCode[T time.Time | string](data string, minutes int, startTimeGeneric T, h hash.Hash) string {
+	const format = "200601021504"
+
+	var start time.Time
+	var startTimeAny any = startTimeGeneric
+	if t, ok := startTimeAny.(time.Time); ok {
+		start = t
+	} else {
+		var err error
+		start, err = time.ParseInLocation(format, startTimeAny.(string), time.Local)
+		if err != nil {
+			return "" // return an invalid code because the "parse" failed
+		}
+	}
+	startStr := start.Format(format)
+	end := start.Add(time.Minute * time.Duration(minutes))
+
+	if h == nil {
+		h = hmac.New(sha1.New, setting.GetGeneralTokenSigningSecret())
+	}
+	_, _ = fmt.Fprintf(h, "%s%s%s%s%d", data, hex.EncodeToString(setting.GetGeneralTokenSigningSecret()), startStr, end.Format(format), minutes)
+	encoded := hex.EncodeToString(h.Sum(nil))
+
+	code := fmt.Sprintf("%s%06d%s", startStr, minutes, encoded)
+	if len(code) != TimeLimitCodeLength {
+		panic("there is a hard requirement for the length of time-limited code") // it shouldn't happen
+	}
+	return code
+}
+
+// FileSize calculates the file size and generate user-friendly string.
+func FileSize(s int64) string {
+	return humanize.IBytes(uint64(s))
+}
+
+// EllipsisString returns a truncated short string,
+// it appends '...' in the end of the length of string is too large.
+func EllipsisString(str string, length int) string {
+	if length <= 3 {
+		return "..."
+	}
+	if utf8.RuneCountInString(str) <= length {
+		return str
+	}
+	return string([]rune(str)[:length-3]) + "..."
+}
+
+// TruncateString returns a truncated string with given limit,
+// it returns input string if length is not reached limit.
+func TruncateString(str string, limit int) string {
+	if utf8.RuneCountInString(str) < limit {
+		return str
+	}
+	return string([]rune(str)[:limit])
+}
+
+// StringsToInt64s converts a slice of string to a slice of int64.
+func StringsToInt64s(strs []string) ([]int64, error) {
+	if strs == nil {
+		return nil, nil
+	}
+	ints := make([]int64, 0, len(strs))
+	for _, s := range strs {
+		n, err := strconv.ParseInt(s, 10, 64)
+		if err != nil {
+			return nil, err
+		}
+		ints = append(ints, n)
+	}
+	return ints, nil
+}
+
+// Int64sToStrings converts a slice of int64 to a slice of string.
+func Int64sToStrings(ints []int64) []string {
+	strs := make([]string, len(ints))
+	for i := range ints {
+		strs[i] = strconv.FormatInt(ints[i], 10)
+	}
+	return strs
+}
+
+// EntryIcon returns the octicon class for displaying files/directories
+func EntryIcon(entry *git.TreeEntry) string {
+	switch {
+	case entry.IsLink():
+		te, _, err := entry.FollowLink()
+		if err != nil {
+			log.Debug(err.Error())
+			return "file-symlink-file"
+		}
+		if te.IsDir() {
+			return "file-directory-symlink"
+		}
+		return "file-symlink-file"
+	case entry.IsDir():
+		return "file-directory-fill"
+	case entry.IsSubModule():
+		return "file-submodule"
+	}
+
+	return "file"
+}
+
+// SetupGiteaRoot Sets GITEA_ROOT if it is not already set and returns the value
+func SetupGiteaRoot() string {
+	giteaRoot := os.Getenv("GITEA_ROOT")
+	if giteaRoot == "" {
+		_, filename, _, _ := runtime.Caller(0)
+		giteaRoot = strings.TrimSuffix(filename, "modules/base/tool.go")
+		wd, err := os.Getwd()
+		if err != nil {
+			rel, err := filepath.Rel(giteaRoot, wd)
+			if err != nil && strings.HasPrefix(filepath.ToSlash(rel), "../") {
+				giteaRoot = wd
+			}
+		}
+		if _, err := os.Stat(filepath.Join(giteaRoot, "gitea")); os.IsNotExist(err) {
+			giteaRoot = ""
+		} else if err := os.Setenv("GITEA_ROOT", giteaRoot); err != nil {
+			giteaRoot = ""
+		}
+	}
+	return giteaRoot
+}
+
+// FormatNumberSI format a number
+func FormatNumberSI(data any) string {
+	var num int64
+	if num1, ok := data.(int64); ok {
+		num = num1
+	} else if num1, ok := data.(int); ok {
+		num = int64(num1)
+	} else {
+		return ""
+	}
+
+	if num < 1000 {
+		return fmt.Sprintf("%d", num)
+	} else if num < 1000000 {
+		num2 := float32(num) / float32(1000.0)
+		return fmt.Sprintf("%.1fk", num2)
+	} else if num < 1000000000 {
+		num2 := float32(num) / float32(1000000.0)
+		return fmt.Sprintf("%.1fM", num2)
+	}
+	num2 := float32(num) / float32(1000000000.0)
+	return fmt.Sprintf("%.1fG", num2)
+}
diff --git a/modules/base/tool_test.go b/modules/base/tool_test.go
new file mode 100644
index 0000000..81fd4b6
--- /dev/null
+++ b/modules/base/tool_test.go
@@ -0,0 +1,186 @@
+// Copyright 2020 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package base
+
+import (
+	"crypto/sha1"
+	"fmt"
+	"testing"
+	"time"
+
+	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/test"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestEncodeSha256(t *testing.T) {
+	assert.Equal(t,
+		"c3ab8ff13720e8ad9047dd39466b3c8974e592c2fa383d4a3960714caef0c4f2",
+		EncodeSha256("foobar"),
+	)
+}
+
+func TestShortSha(t *testing.T) {
+	assert.Equal(t, "veryverylo", ShortSha("veryverylong"))
+}
+
+func TestBasicAuthDecode(t *testing.T) {
+	_, _, err := BasicAuthDecode("?")
+	assert.Equal(t, "illegal base64 data at input byte 0", err.Error())
+
+	user, pass, err := BasicAuthDecode("Zm9vOmJhcg==")
+	require.NoError(t, err)
+	assert.Equal(t, "foo", user)
+	assert.Equal(t, "bar", pass)
+
+	_, _, err = BasicAuthDecode("aW52YWxpZA==")
+	require.Error(t, err)
+
+	_, _, err = BasicAuthDecode("invalid")
+	require.Error(t, err)
+
+	_, _, err = BasicAuthDecode("YWxpY2U=") // "alice", no colon
+	require.Error(t, err)
+}
+
+func TestVerifyTimeLimitCode(t *testing.T) {
+	defer test.MockVariableValue(&setting.InstallLock, true)()
+	initGeneralSecret := func(secret string) {
+		setting.InstallLock = true
+		setting.CfgProvider, _ = setting.NewConfigProviderFromData(fmt.Sprintf(`
+[oauth2]
+JWT_SECRET = %s
+`, secret))
+		setting.LoadCommonSettings()
+	}
+
+	initGeneralSecret("KZb_QLUd4fYVyxetjxC4eZkrBgWM2SndOOWDNtgUUko")
+	now := time.Now()
+
+	t.Run("TestGenericParameter", func(t *testing.T) {
+		time2000 := time.Date(2000, 1, 2, 3, 4, 5, 0, time.Local)
+		assert.Equal(t, "2000010203040000026fa5221b2731b7cf80b1b506f5e39e38c115fee5", CreateTimeLimitCode("test-sha1", 2, time2000, sha1.New()))
+		assert.Equal(t, "2000010203040000026fa5221b2731b7cf80b1b506f5e39e38c115fee5", CreateTimeLimitCode("test-sha1", 2, "200001020304", sha1.New()))
+		assert.Equal(t, "2000010203040000024842227a2f87041ff82025199c0187410a9297bf", CreateTimeLimitCode("test-hmac", 2, time2000, nil))
+		assert.Equal(t, "2000010203040000024842227a2f87041ff82025199c0187410a9297bf", CreateTimeLimitCode("test-hmac", 2, "200001020304", nil))
+	})
+
+	t.Run("TestInvalidCode", func(t *testing.T) {
+		assert.False(t, VerifyTimeLimitCode(now, "data", 2, ""))
+		assert.False(t, VerifyTimeLimitCode(now, "data", 2, "invalid code"))
+	})
+
+	t.Run("TestCreateAndVerify", func(t *testing.T) {
+		code := CreateTimeLimitCode("data", 2, now, nil)
+		assert.False(t, VerifyTimeLimitCode(now.Add(-time.Minute), "data", 2, code)) // not started yet
+		assert.True(t, VerifyTimeLimitCode(now, "data", 2, code))
+		assert.True(t, VerifyTimeLimitCode(now.Add(time.Minute), "data", 2, code))
+		assert.False(t, VerifyTimeLimitCode(now.Add(time.Minute), "DATA", 2, code))   // invalid data
+		assert.False(t, VerifyTimeLimitCode(now.Add(2*time.Minute), "data", 2, code)) // expired
+	})
+
+	t.Run("TestDifferentSecret", func(t *testing.T) {
+		// use another secret to ensure the code is invalid for different secret
+		verifyDataCode := func(c string) bool {
+			return VerifyTimeLimitCode(now, "data", 2, c)
+		}
+		code1 := CreateTimeLimitCode("data", 2, now, sha1.New())
+		code2 := CreateTimeLimitCode("data", 2, now, nil)
+		assert.True(t, verifyDataCode(code1))
+		assert.True(t, verifyDataCode(code2))
+		initGeneralSecret("000_QLUd4fYVyxetjxC4eZkrBgWM2SndOOWDNtgUUko")
+		assert.False(t, verifyDataCode(code1))
+		assert.False(t, verifyDataCode(code2))
+	})
+}
+
+func TestFileSize(t *testing.T) {
+	var size int64 = 512
+	assert.Equal(t, "512 B", FileSize(size))
+	size *= 1024
+	assert.Equal(t, "512 KiB", FileSize(size))
+	size *= 1024
+	assert.Equal(t, "512 MiB", FileSize(size))
+	size *= 1024
+	assert.Equal(t, "512 GiB", FileSize(size))
+	size *= 1024
+	assert.Equal(t, "512 TiB", FileSize(size))
+	size *= 1024
+	assert.Equal(t, "512 PiB", FileSize(size))
+	size *= 4
+	assert.Equal(t, "2.0 EiB", FileSize(size))
+}
+
+func TestEllipsisString(t *testing.T) {
+	assert.Equal(t, "...", EllipsisString("foobar", 0))
+	assert.Equal(t, "...", EllipsisString("foobar", 1))
+	assert.Equal(t, "...", EllipsisString("foobar", 2))
+	assert.Equal(t, "...", EllipsisString("foobar", 3))
+	assert.Equal(t, "f...", EllipsisString("foobar", 4))
+	assert.Equal(t, "fo...", EllipsisString("foobar", 5))
+	assert.Equal(t, "foobar", EllipsisString("foobar", 6))
+	assert.Equal(t, "foobar", EllipsisString("foobar", 10))
+	assert.Equal(t, "测...", EllipsisString("测试文本一二三四", 4))
+	assert.Equal(t, "测试...", EllipsisString("测试文本一二三四", 5))
+	assert.Equal(t, "测试文...", EllipsisString("测试文本一二三四", 6))
+	assert.Equal(t, "测试文本一二三四", EllipsisString("测试文本一二三四", 10))
+}
+
+func TestTruncateString(t *testing.T) {
+	assert.Equal(t, "", TruncateString("foobar", 0))
+	assert.Equal(t, "f", TruncateString("foobar", 1))
+	assert.Equal(t, "fo", TruncateString("foobar", 2))
+	assert.Equal(t, "foo", TruncateString("foobar", 3))
+	assert.Equal(t, "foob", TruncateString("foobar", 4))
+	assert.Equal(t, "fooba", TruncateString("foobar", 5))
+	assert.Equal(t, "foobar", TruncateString("foobar", 6))
+	assert.Equal(t, "foobar", TruncateString("foobar", 7))
+	assert.Equal(t, "测试文本", TruncateString("测试文本一二三四", 4))
+	assert.Equal(t, "测试文本一", TruncateString("测试文本一二三四", 5))
+	assert.Equal(t, "测试文本一二", TruncateString("测试文本一二三四", 6))
+	assert.Equal(t, "测试文本一二三", TruncateString("测试文本一二三四", 7))
+}
+
+func TestStringsToInt64s(t *testing.T) {
+	testSuccess := func(input []string, expected []int64) {
+		result, err := StringsToInt64s(input)
+		require.NoError(t, err)
+		assert.Equal(t, expected, result)
+	}
+	testSuccess(nil, nil)
+	testSuccess([]string{}, []int64{})
+	testSuccess([]string{"-1234"}, []int64{-1234})
+	testSuccess([]string{"1", "4", "16", "64", "256"}, []int64{1, 4, 16, 64, 256})
+
+	ints, err := StringsToInt64s([]string{"-1", "a"})
+	assert.Empty(t, ints)
+	require.Error(t, err)
+}
+
+func TestInt64sToStrings(t *testing.T) {
+	assert.Equal(t, []string{}, Int64sToStrings([]int64{}))
+	assert.Equal(t,
+		[]string{"1", "4", "16", "64", "256"},
+		Int64sToStrings([]int64{1, 4, 16, 64, 256}),
+	)
+}
+
+// TODO: Test EntryIcon
+
+func TestSetupGiteaRoot(t *testing.T) {
+	t.Setenv("GITEA_ROOT", "test")
+	assert.Equal(t, "test", SetupGiteaRoot())
+	t.Setenv("GITEA_ROOT", "")
+	assert.NotEqual(t, "test", SetupGiteaRoot())
+}
+
+func TestFormatNumberSI(t *testing.T) {
+	assert.Equal(t, "125", FormatNumberSI(int(125)))
+	assert.Equal(t, "1.3k", FormatNumberSI(int64(1317)))
+	assert.Equal(t, "21.3M", FormatNumberSI(21317675))
+	assert.Equal(t, "45.7G", FormatNumberSI(45721317675))
+	assert.Equal(t, "", FormatNumberSI("test"))
+}