Fix various bugs (#37096)

* Fix #36001 * Fix #35498 * Fix #35395 * Fix #35160 * Fix #35058 * Fix #35445
2026-04-04 11:30:51 +09:00 · 2026-04-04 04:03:59 +08:00
parent f9f9876f2c
commit 2c2d7e6f64
18 changed files with 113 additions and 78 deletions
--- a/cmd/generate.go
+++ b/cmd/generate.go
@@ -78,11 +78,7 @@ func runGenerateInternalToken(_ context.Context, c *cli.Command) error {
 }

 func runGenerateLfsJwtSecret(_ context.Context, c *cli.Command) error {
-	_, jwtSecretBase64, err := generate.NewJwtSecretWithBase64()
-	if err != nil {
-		return err
-	}
-
+	_, jwtSecretBase64 := generate.NewJwtSecretWithBase64()
 	fmt.Printf("%s", jwtSecretBase64)

 	if isatty.IsTerminal(os.Stdout.Fd()) {
--- a/modules/generate/generate.go
+++ b/modules/generate/generate.go
@@ -54,13 +54,13 @@ func DecodeJwtSecretBase64(src string) ([]byte, error) {
 }

 // NewJwtSecretWithBase64 generates a jwt secret with its base64 encoded value intended to be used for saving into config file
-func NewJwtSecretWithBase64() ([]byte, string, error) {
+func NewJwtSecretWithBase64() ([]byte, string) {
 	bytes := make([]byte, defaultJwtSecretLen)
-	_, err := io.ReadFull(rand.Reader, bytes)
+	_, err := rand.Read(bytes)
 	if err != nil {
-		return nil, "", err
+		panic(err) // rand.Read never fails
 	}
-	return bytes, base64.RawURLEncoding.EncodeToString(bytes), nil
+	return bytes, base64.RawURLEncoding.EncodeToString(bytes)
 }

 // NewSecretKey generate a new value intended to be used by SECRET_KEY.
--- a/modules/generate/generate_test.go
+++ b/modules/generate/generate_test.go
@@ -25,10 +25,12 @@ func TestDecodeJwtSecretBase64(t *testing.T) {
 }

 func TestNewJwtSecretWithBase64(t *testing.T) {
-	secret, encoded, err := NewJwtSecretWithBase64()
-	assert.NoError(t, err)
+	secret, encoded := NewJwtSecretWithBase64()
 	assert.Len(t, secret, 32)
 	decoded, err := DecodeJwtSecretBase64(encoded)
 	assert.NoError(t, err)
 	assert.Equal(t, secret, decoded)
+
+	secret2, _ := NewJwtSecretWithBase64()
+	assert.NotEqual(t, secret, secret2)
 }
--- a/modules/markup/markdown/markdown_test.go
+++ b/modules/markup/markdown/markdown_test.go
@@ -583,3 +583,20 @@ func TestMarkdownLink(t *testing.T) {
 	assert.Equal(t, `<p><a href="https://example.com/__init__.py" rel="nofollow">https://example.com/__init__.py</a></p>
 `, string(result))
 }
+
+func TestMarkdownUlDir(t *testing.T) {
+	defer test.MockVariableValue(&markup.RenderBehaviorForTesting.DisableAdditionalAttributes, false)()
+	result, err := markdown.RenderString(markup.NewTestRenderContext(), `
+* a
+  * b
+`)
+	assert.NoError(t, err)
+	assert.Equal(t, `<ul dir="auto">
+<li>a
+<ul>
+<li>b</li>
+</ul>
+</li>
+</ul>
+`, string(result))
+}
--- a/modules/markup/markdown/transform_list.go
+++ b/modules/markup/markdown/transform_list.go
@@ -81,5 +81,16 @@ func (g *ASTTransformer) transformList(_ *markup.RenderContext, v *ast.List, rc
 			v.AppendChild(v, newChild)
 		}
 	}
-	g.applyElementDir(v)
+
+	nestedList := false
+	for p := v.Parent(); p != nil; p = p.Parent() {
+		if _, ok := p.(*ast.List); ok {
+			nestedList = true
+			break
+		}
+	}
+	if !nestedList {
+		// "dir=auto" should be only added to top-level "ul". https://github.com/go-gitea/gitea/issues/35058
+		g.applyElementDir(v)
+	}
 }
--- a/modules/setting/lfs.go
+++ b/modules/setting/lfs.go
@@ -81,10 +81,7 @@ func loadLFSFrom(rootCfg ConfigProvider) error {
 	jwtSecretBase64 := loadSecret(rootCfg.Section("server"), "LFS_JWT_SECRET_URI", "LFS_JWT_SECRET")
 	LFS.JWTSecretBytes, err = generate.DecodeJwtSecretBase64(jwtSecretBase64)
 	if err != nil {
-		LFS.JWTSecretBytes, jwtSecretBase64, err = generate.NewJwtSecretWithBase64()
-		if err != nil {
-			return fmt.Errorf("error generating JWT Secret for custom config: %v", err)
-		}
+		LFS.JWTSecretBytes, jwtSecretBase64 = generate.NewJwtSecretWithBase64()

 		// Save secret
 		saveCfg, err := rootCfg.PrepareSaving()
--- a/modules/setting/oauth2.go
+++ b/modules/setting/oauth2.go
@@ -139,10 +139,7 @@ func loadOAuth2From(rootCfg ConfigProvider) {
 	if InstallLock {
 		jwtSecretBytes, err := generate.DecodeJwtSecretBase64(jwtSecretBase64)
 		if err != nil {
-			jwtSecretBytes, jwtSecretBase64, err = generate.NewJwtSecretWithBase64()
-			if err != nil {
-				log.Fatal("error generating JWT secret: %v", err)
-			}
+			jwtSecretBytes, jwtSecretBase64 = generate.NewJwtSecretWithBase64()
 			saveCfg, err := rootCfg.PrepareSaving()
 			if err != nil {
 				log.Fatal("save oauth2.JWT_SECRET failed: %v", err)
@@ -162,10 +159,7 @@ var generalSigningSecret atomic.Pointer[[]byte]
 func GetGeneralTokenSigningSecret() []byte {
 	old := generalSigningSecret.Load()
 	if old == nil || len(*old) == 0 {
-		jwtSecret, _, err := generate.NewJwtSecretWithBase64()
-		if err != nil {
-			log.Fatal("Unable to generate general JWT secret: %v", err)
-		}
+		jwtSecret, _ := generate.NewJwtSecretWithBase64()
 		if generalSigningSecret.CompareAndSwap(old, &jwtSecret) {
 			return jwtSecret
 		}
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -1228,10 +1228,10 @@ func Routes() *web.Router {
 				m.Group("/branch_protections", func() {
 					m.Get("", repo.ListBranchProtections)
 					m.Post("", bind(api.CreateBranchProtectionOption{}), mustNotBeArchived, repo.CreateBranchProtection)
-					m.Group("/{name}", func() {
+					m.Group("/*", func() {
 						m.Get("", repo.GetBranchProtection)
 						m.Patch("", bind(api.EditBranchProtectionOption{}), mustNotBeArchived, repo.EditBranchProtection)
-						m.Delete("", repo.DeleteBranchProtection)
+						m.Delete("", mustNotBeArchived, repo.DeleteBranchProtection)
 					})
 					m.Post("/priority", bind(api.UpdateBranchProtectionPriories{}), mustNotBeArchived, repo.UpdateBranchProtectionPriories)
 				}, reqToken(), reqAdmin())
--- a/routers/api/v1/repo/branch.go
+++ b/routers/api/v1/repo/branch.go
@@ -563,7 +563,7 @@ func GetBranchProtection(ctx *context.APIContext) {
 	//     "$ref": "#/responses/notFound"

 	repo := ctx.Repo.Repository
-	bpName := ctx.PathParam("name")
+	bpName := ctx.PathParam("*")
 	bp, err := git_model.GetProtectedBranchRuleByName(ctx, repo.ID, bpName)
 	if err != nil {
 		ctx.APIErrorInternal(err)
@@ -845,7 +845,7 @@ func EditBranchProtection(ctx *context.APIContext) {
 	//     "$ref": "#/responses/repoArchivedError"
 	form := web.GetForm(ctx).(*api.EditBranchProtectionOption)
 	repo := ctx.Repo.Repository
-	bpName := ctx.PathParam("name")
+	bpName := ctx.PathParam("*")
 	protectBranch, err := git_model.GetProtectedBranchRuleByName(ctx, repo.ID, bpName)
 	if err != nil {
 		ctx.APIErrorInternal(err)
@@ -1168,7 +1168,7 @@ func DeleteBranchProtection(ctx *context.APIContext) {
 	//     "$ref": "#/responses/notFound"

 	repo := ctx.Repo.Repository
-	bpName := ctx.PathParam("name")
+	bpName := ctx.PathParam("*")
 	bp, err := git_model.GetProtectedBranchRuleByName(ctx, repo.ID, bpName)
 	if err != nil {
 		ctx.APIErrorInternal(err)
--- a/routers/api/v1/repo/tag.go
+++ b/routers/api/v1/repo/tag.go
@@ -107,15 +107,18 @@ func GetAnnotatedTag(ctx *context.APIContext) {
 		return
 	}

-	if tag, err := ctx.Repo.GitRepo.GetAnnotatedTag(sha); err != nil {
+	tag, err := ctx.Repo.GitRepo.GetAnnotatedTag(sha)
+	if err != nil {
 		ctx.APIError(http.StatusBadRequest, err)
-	} else {
-		commit, err := ctx.Repo.GitRepo.GetTagCommit(tag.Name)
-		if err != nil {
-			ctx.APIError(http.StatusBadRequest, err)
-		}
-		ctx.JSON(http.StatusOK, convert.ToAnnotatedTag(ctx, ctx.Repo.Repository, tag, commit))
+		return
 	}
+
+	commit, err := ctx.Repo.GitRepo.GetTagCommit(tag.Name)
+	if err != nil {
+		ctx.APIError(http.StatusBadRequest, err)
+		return
+	}
+	ctx.JSON(http.StatusOK, convert.ToAnnotatedTag(ctx, ctx.Repo.Repository, tag, commit))
 }

 // GetTag get the tag of a repository
--- a/routers/install/install.go
+++ b/routers/install/install.go
@@ -371,12 +371,11 @@ func SubmitInstall(ctx *context.Context) {
 	if form.LFSRootPath != "" {
 		cfg.Section("server").Key("LFS_START_SERVER").SetValue("true")
 		cfg.Section("lfs").Key("PATH").SetValue(form.LFSRootPath)
-		var lfsJwtSecret string
-		if _, lfsJwtSecret, err = generate.NewJwtSecretWithBase64(); err != nil {
-			ctx.RenderWithErrDeprecated(ctx.Tr("install.lfs_jwt_secret_failed", err), tplInstall, &form)
-			return
+
+		if !cfg.Section("server").HasKey("LFS_JWT_SECRET_URI") {
+			_, lfsJwtSecret := generate.NewJwtSecretWithBase64()
+			cfg.Section("server").Key("LFS_JWT_SECRET").SetValue(lfsJwtSecret)
 		}
-		cfg.Section("server").Key("LFS_JWT_SECRET").SetValue(lfsJwtSecret)
 	} else {
 		cfg.Section("server").Key("LFS_START_SERVER").SetValue("false")
 	}
@@ -437,11 +436,7 @@ func SubmitInstall(ctx *context.Context) {
 	// FIXME: at the moment, no matter oauth2 is enabled or not, it must generate a "oauth2 JWT_SECRET"
 	// see the "loadOAuth2From" in "setting/oauth2.go"
 	if !cfg.Section("oauth2").HasKey("JWT_SECRET") && !cfg.Section("oauth2").HasKey("JWT_SECRET_URI") {
-		_, jwtSecretBase64, err := generate.NewJwtSecretWithBase64()
-		if err != nil {
-			ctx.RenderWithErrDeprecated(ctx.Tr("install.secret_key_failed", err), tplInstall, &form)
-			return
-		}
+		_, jwtSecretBase64 := generate.NewJwtSecretWithBase64()
 		cfg.Section("oauth2").Key("JWT_SECRET").SetValue(jwtSecretBase64)
 	}

--- a/templates/projects/view.tmpl
+++ b/templates/projects/view.tmpl
@@ -1,6 +1,6 @@
 {{$canWriteProject := and .CanWriteProjects (or (not .Repository) (not .Repository.IsArchived))}}

-<div class="ui container fluid padded projects-view">
+<div class="ui container fluid padded projects-view" data-global-init="initRepoProjectsView">
 	<div class="ui container flex-text-block project-header">
 		<h2>{{.Project.Title}}</h2>
 		<div class="tw-flex-1"></div>
--- a/templates/shared/search/combo.tmpl
+++ b/templates/shared/search/combo.tmpl
@@ -9,22 +9,21 @@
 <div class="ui small fluid action input">
 	{{template "shared/search/input" dict "Value" .Value "Disabled" .Disabled "Placeholder" .Placeholder}}
 	{{if .SearchModes}}
-	<div class="ui small dropdown selection {{if .Disabled}}disabled{{end}}" data-tooltip-content="{{ctx.Locale.Tr "search.type_tooltip"}}">
-		<div class="text"></div> {{svg "octicon-triangle-down" 14 "dropdown icon"}}
-		<input name="search_mode" type="hidden" value="
-			{{- if .SelectedSearchMode -}}
-				{{- .SelectedSearchMode -}}
-			{{- else -}}
-				{{- $defaultSearchMode := index .SearchModes 0 -}}
-				{{- $defaultSearchMode.ModeValue -}}
-			{{- end -}}
-		">
-		<div class="menu">
-			{{range $mode := .SearchModes}}
-				<div class="item" data-value="{{$mode.ModeValue}}" data-tooltip-content="{{ctx.Locale.Tr $mode.TooltipTrKey}}">{{ctx.Locale.Tr $mode.TitleTrKey}}</div>
+		{{$selected := index .SearchModes 0}}
+		{{range $mode := .SearchModes}}
+			{{if eq $mode.ModeValue $.SelectedSearchMode}}
+				{{$selected = $mode}}
 			{{end}}
+		{{end}}
+		<div class="ui small dropdown selection {{if .Disabled}}disabled{{end}}" data-tooltip-content="{{ctx.Locale.Tr "search.type_tooltip"}}">
+			<div class="text">{{ctx.Locale.Tr $selected.TitleTrKey}}</div> {{svg "octicon-triangle-down" 14 "dropdown icon"}}
+			<input name="search_mode" type="hidden" value="{{$selected.ModeValue}}">
+			<div class="menu">
+				{{range $mode := .SearchModes}}
+					<div class="item" data-value="{{$mode.ModeValue}}" data-tooltip-content="{{ctx.Locale.Tr $mode.TooltipTrKey}}">{{ctx.Locale.Tr $mode.TitleTrKey}}</div>
+				{{end}}
+			</div>
 		</div>
-	</div>
 	{{end}}
 	{{template "shared/search/button" dict "Disabled" .Disabled "Tooltip" .Tooltip}}
 </div>
--- a/tests/integration/api_branch_test.go
+++ b/tests/integration/api_branch_test.go
@@ -362,15 +362,20 @@ func testAPIRenameBranch(t *testing.T, doerName, ownerName, repoName, from, to s
 func TestAPIBranchProtection(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()

-	// Branch protection  on branch that not exist
-	testAPICreateBranchProtection(t, "master/doesnotexist", 1, http.StatusCreated)
+	// Can create branch protection on branch that not exist
+	testAPICreateBranchProtection(t, "non-existing/branch", 1, http.StatusCreated)
+	testAPIGetBranchProtection(t, "non-existing/branch", http.StatusOK)
+	testAPIDeleteBranchProtection(t, "non-existing/branch", http.StatusNoContent)
+
 	// Get branch protection on branch that exist but not branch protection
 	testAPIGetBranchProtection(t, "master", http.StatusNotFound)

-	testAPICreateBranchProtection(t, "master", 2, http.StatusCreated)
+	testAPICreateBranchProtection(t, "master", 1, http.StatusCreated)
 	// Can only create once
 	testAPICreateBranchProtection(t, "master", 0, http.StatusForbidden)

+	testAPICreateBranchProtection(t, "other-branch", 2, http.StatusCreated)
+
 	// Can't delete a protected branch
 	testAPIDeleteBranch(t, "master", http.StatusForbidden)

--- a/web_src/js/components/ActionRunJobView.vue
+++ b/web_src/js/components/ActionRunJobView.vue
@@ -381,7 +381,7 @@ function toggleTimeDisplay(type: 'seconds' | 'stamp') {

 function toggleFullScreenMode() {
  isFullScreen.value = !isFullScreen.value;
-  toggleFullScreen('.action-view-right', isFullScreen.value, '.action-view-body');
+  toggleFullScreen(document.querySelector('.action-view-right')!, isFullScreen.value, '.action-view-body');
 }

 async function hashChangeListener() {
--- a/web_src/js/features/repo-projects.ts
+++ b/web_src/js/features/repo-projects.ts
@@ -5,6 +5,8 @@ import {fomanticQuery} from '../modules/fomantic/base.ts';
 import {queryElemChildren, queryElems, toggleElem} from '../utils/dom.ts';
 import type {SortableEvent} from 'sortablejs';
 import {toggleFullScreen} from '../utils.ts';
+import {registerGlobalInitFunc} from '../modules/observer.ts';
+import {localUserSettings} from '../modules/user-settings.ts';

 function updateIssueCount(card: HTMLElement): void {
  const parent = card.parentElement!;
@@ -143,27 +145,42 @@ function initRepoProjectColumnEdit(writableProjectBoard: Element): void {
  });
 }

-function initRepoProjectToggleFullScreen(): void {
+function initRepoProjectToggleFullScreen(elProjectsView: HTMLElement): void {
  const enterFullscreenBtn = document.querySelector('.screen-full');
  const exitFullscreenBtn = document.querySelector('.screen-normal');
  if (!enterFullscreenBtn || !exitFullscreenBtn) return;

+  const settingKey = 'projects-view-options';
+  type ProjectsViewOptions = {
+    fullScreen: boolean;
+  };
+  const opts = localUserSettings.getJsonObject<ProjectsViewOptions>(settingKey, {fullScreen: false});
  const toggleFullscreenState = (isFullScreen: boolean) => {
-    toggleFullScreen('.projects-view', isFullScreen);
+    toggleFullScreen(elProjectsView, isFullScreen);
    toggleElem(enterFullscreenBtn, !isFullScreen);
    toggleElem(exitFullscreenBtn, isFullScreen);
+
+    opts.fullScreen = isFullScreen;
+    localUserSettings.setJsonObject(settingKey, opts);
  };

  enterFullscreenBtn.addEventListener('click', () => toggleFullscreenState(true));
  exitFullscreenBtn.addEventListener('click', () => toggleFullscreenState(false));
+  if (opts.fullScreen) {
+    // a temporary solution to remember the full screen state, not perfect,
+    // just make UX better than before, especially for users who need to change the label filter frequently and want to keep full screen mode.
+    toggleFullscreenState(true);
+  }
 }

-export function initRepoProject(): void {
-  initRepoProjectToggleFullScreen();
+export function initRepoProjectsView(): void {
+  registerGlobalInitFunc('initRepoProjectsView', (elProjectsView) => {
+    initRepoProjectToggleFullScreen(elProjectsView);

-  const writableProjectBoard = document.querySelector('#project-board[data-project-board-writable="true"]');
-  if (!writableProjectBoard) return;
+    const writableProjectBoard = document.querySelector('#project-board[data-project-board-writable="true"]');
+    if (!writableProjectBoard) return;

-  initRepoProjectSortable(); // no await
-  initRepoProjectColumnEdit(writableProjectBoard);
+    initRepoProjectSortable(); // no await
+    initRepoProjectColumnEdit(writableProjectBoard);
+  });
 }
--- a/web_src/js/index.ts
+++ b/web_src/js/index.ts
@@ -9,7 +9,7 @@ import {initRepoGraphGit} from './features/repo-graph.ts';
 import {initHeatmap} from './features/heatmap.ts';
 import {initImageDiff} from './features/imagediff.ts';
 import {initRepoMigration} from './features/repo-migration.ts';
-import {initRepoProject} from './features/repo-projects.ts';
+import {initRepoProjectsView} from './features/repo-projects.ts';
 import {initTableSort} from './features/tablesort.ts';
 import {initAdminUserListSearchForm} from './features/admin/users.ts';
 import {initAdminConfigs} from './features/admin/config.ts';
@@ -132,7 +132,7 @@ const initPerformanceTracer = callInitFunctions([
  initRepoIssueFilterItemLabel,
  initRepoMigration,
  initRepoMigrationStatusChecker,
-  initRepoProject,
+  initRepoProjectsView,
  initRepoPullRequestReview,
  initRepoReleaseNew,
  initRepoTopicBar,
--- a/web_src/js/utils.ts
+++ b/web_src/js/utils.ts
@@ -208,7 +208,7 @@ export function isVideoFile({name, type}: {name?: string, type?: string}): boole
  return Boolean(/\.(mpe?g|mp4|mkv|webm)$/i.test(name || '') || type?.startsWith('video/'));
 }

-export function toggleFullScreen(fullscreenElementsSelector: string, isFullScreen: boolean, sourceParentSelector?: string): void {
+export function toggleFullScreen(fullScreenEl: HTMLElement, isFullScreen: boolean, sourceParentSelector?: string): void {
  // hide other elements
  const headerEl = document.querySelector('#navbar')!;
  const contentEl = document.querySelector('.page-content')!;
@@ -218,9 +218,8 @@ export function toggleFullScreen(fullscreenElementsSelector: string, isFullScree
  toggleElem(footerEl, !isFullScreen);

  const sourceParentEl = sourceParentSelector ? document.querySelector(sourceParentSelector)! : contentEl;
-  const fullScreenEl = document.querySelector(fullscreenElementsSelector)!;
  const outerEl = document.querySelector('.full.height')!;
-  toggleElemClass(fullscreenElementsSelector, 'fullscreen', isFullScreen);
+  toggleElemClass(fullScreenEl, 'fullscreen', isFullScreen);
  if (isFullScreen) {
    outerEl.append(fullScreenEl);
  } else {