Allow private repositories to enable public release downloads on their landing pages. When enabled, unauthenticated users can download release attachments without accessing the repository. Adds download sections to all landing page templates with styling.
Separate packages into PublicPackages and PrivatePackages arrays for template rendering. Add CanWritePackages flag to determine if viewer has permission to publish packages (admin, owner, or org team member with write access). Revert anonymous user 404 redirect to show proper error page.
Improve UX for unauthenticated visitors by redirecting them to the homepage instead of showing a 404 page. Authenticated users still see the standard 404 error page.
Add repository setting to control anonymous access to app integration endpoints (issue submission, update checks). When enabled (default), the desktop app can access these endpoints without authentication. When disabled, vault token authentication is required.
This provides granular control over app integration access, allowing repository owners to enforce full authentication on sensitive repositories while maintaining ease of use for public/limited repos.
Changes include:
- New PublicAppIntegration boolean field on Repository model
- Database migration v365 to add the field (defaults to true)
- Repository settings UI to toggle the feature
- Updated checkVaultTokenForRepo to respect the setting
- Security enhancement: IssueStatusJSONEndpoint now only returns app-submitted issues to anonymous users
Implements comprehensive wishlist/feature request system for repositories. Includes categories with colors, voting system, importance ratings (1-5 stars), status tracking (open/planned/in-progress/completed/declined), threaded comments with reactions, and release linking. Adds v2 API endpoints for CRUD operations. Includes repository settings toggle, header tab, and full UI templates for list/view/create. Supports vote counts, importance averages, and comment reactions.
Adds comprehensive blog post system for repositories with draft/public/published status, featured images, tags, and subscriptions. Includes database models, migrations, CRUD operations, email notifications, explore page, and full UI templates for creating, editing, and viewing blog posts.
Implement complete subscription monetization system for repositories with Stripe and PayPal integration. Includes:
- Database models and migrations for monetization settings, subscription products, and user subscriptions
- Payment provider abstraction layer with Stripe and PayPal implementations
- Admin UI for configuring payment providers and viewing subscriptions
- Repository settings UI for managing subscription products and tiers
- Subscription checkout flow and webhook handlers for payment events
- Access control to gate repository code behind active subscriptions
Introduces a new "limited" visibility level between public and private. Limited repos are publicly browseable but restrict clone, fork, and archive downloads to collaborators only. Adds database migration, UI controls in settings, enforcement in git HTTP and SSH handlers, and corresponding locale strings.
Changes permission check from write to read access for viewing private packages. Organization members with read permissions can now view private packages, not just those with write access.
Implements comprehensive package visibility settings with migration v337. Adds database models for package and version-level access control, updates web UI templates for settings/list/view pages, and includes locale strings for the new features. Also adds .gitsecrets-ignore file to track false positives from secret scanning.
Add is_global flag to packages allowing them to be accessible at root URLs without owner prefix. Include database migration, package settings UI, admin bulk operations, and automatic repository matching. This enables cleaner package URLs for organization-wide packages.
Go's semantic import versioning requires v2+ modules to include the
major version in the module path. This enables using proper version
tags (v3.x.x) instead of pseudo-versions.
Updated module path: code.gitcaddy.com/server/v3
- Remove repo_service import from services/context/repo.go (caused import cycle)
- Inline HasWiki check using gitrepo.IsRepositoryExist
- Fix type assertion for Repo in org/home.go (any -> *repo_model.Repository)
- Add missing {{end}} in org/home.tmpl template
- Update licenses.txt with MarketAlly header
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Update swagger/ui.tmpl to use Scalar instead of swagger-ui
- Add version selector bar to v1 and v2 API docs
- Update theme colors to green (#609926) in light/dark themes
- Add MarketAlly header to licenses.txt generation
- Fix Hide Explore Users functionality
- Fix org home visibility for private repos and empty states
- Fix wiki/packages visibility for non-members
- Add promotional format for pinned orgs on homepage
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- New files: Copyright 2026 MarketAlly
- Modified files: Copyright YYYY The Gitea Authors and MarketAlly
🤖 Generated with Claude Code
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The pin dropdown now correctly shows the Pin to Organization option
when viewing a repo owned by an org where the user is a member.
🤖 Generated with Claude Code
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add UserPinnedRepo model for pinning repos to user profiles
- Add Pin dropdown in repo header with options for profile/org
- Add pin/unpin routes and handlers
- Update user profile to show pinned repos with nice cards
- User overview tab always visible (like org overview)
- Shows empty state with instructions when no pinned repos
- Limit of 6 pinned repos per user
- Org members can pin repos to organization
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This introduces a new v2 API at /api/v2/ with features designed for
AI agents and automation tools while maintaining full backward
compatibility with the existing v1 API.
New features:
- Structured error codes (70+ machine-readable codes) for precise
error handling by automated tools
- Scalar API documentation at /api/v2/docs (modern replacement for
Swagger UI)
- Batch operations for bulk file and repository fetching
- NDJSON streaming endpoints for files, commits, and issues
- AI context endpoints providing rich repository summaries,
navigation hints, and issue context
Files added:
- modules/errors/codes.go - Error code definitions and catalog
- modules/errors/api_error.go - Rich API error response builder
- routers/api/v2/api.go - v2 router with auth middleware
- routers/api/v2/docs.go - Scalar docs and OpenAPI spec
- routers/api/v2/batch.go - Batch file/repo operations
- routers/api/v2/streaming.go - NDJSON streaming endpoints
- routers/api/v2/ai_context.go - AI context endpoints
- routers/api/v2/misc.go - Version and user endpoints
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add X-Request-ID header middleware for request tracing
- Extracts from incoming headers or generates short UUID
- Included in all error responses for debugging
- Add rate limit headers (X-RateLimit-Limit/Remaining/Reset)
- Currently informational, configurable via API.RateLimitPerHour
- Prepared for future enforcement
- Add chunk checksum verification for uploads
- Optional X-Chunk-Checksum header with SHA-256 hash
- Verifies data integrity during chunked uploads
- Standardize error responses with RFC 7807 Problem Details
- Added type, title, status, detail, instance fields
- Maintains backward compatibility with legacy fields
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Per-repository signing keys have never been officially supported, as
they would require users to modify the repository’s config file.
At this point, it is clear that only global signing keys (GPG or SSH)
should be allowed. If we want to introduce per-repository signing keys
in the future, it will require a complete design proposal.
The endpoint will not be removed for repository special signing key, but
it will reference the global signing key.
---------
Signed-off-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: delvh <dev.lh@web.de>
Refactor Git command functions to use WithXXX methods instead of
exposing RunOpts.
This change simplifies reuse across gitrepo and improves consistency,
encapsulation, and maintainability of command options.
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
1. Make "Issuer" strictly follow the spec (see comment)
2. Make "/.well-known/openid-configuration" respond 404 if the OAuth2
provider is not enabled.
Then by the way, remove the JSEscape template helper because it is not
needed any more.
When viewing a file that the user can't edit because they can't write to
the branch, the new, upload, patch, edit and delete functionality is no
longer disabled.
If no user fork of the repository exists, there is now a page to create one.
It will automatically create a fork with a single branch matching the one
being viewed, and a unique repository name will be automatically picked.
When a fork exists, but it's archived, a mirror or the user can't write
code to it, there will instead be a message explaining the situation.
If the usable fork exists, a message will appear at the top of the edit page
explaining that the changes will be applied to a branch in the fork. The
base repository branch will be pushed to a new branch to the fork, and
then the edits will be applied on top.
The suggestion to fork happens when accessing /_edit/, so that for
example online documentation can have an "edit this page" link to
the base repository that does the right thing.
Also includes changes to properly report errors when trying to commit
to a new branch that is protected, and when trying to commit to an
existing branch when choosing the new branch option.
Resolves#9017, #20882
---------
Co-authored-by: Brecht Van Lommel <brecht@blender.org>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Noticed the SQL will be executed 4 times when visit the file render view
page. For a repository which have many pull requests, it maybe slow.
```SQL
2025/06/08 15:24:44 models/issues/pull_list.go:69:GetUnmergedPullRequestsByHeadInfo() [I] [SQL] SELECT * FROM `pull_request` INNER JOIN `issue` ON issue.id = pull_request.issue_id WHERE (head_repo_id = ? AND head_branch = ? AND has_merged = ? AND issue.is_closed = ? AND flow = ?) [393 main false false 0] - 2.004167ms
2025/06/08 15:24:44 models/issues/pull_list.go:69:GetUnmergedPullRequestsByHeadInfo() [I] [SQL] SELECT * FROM `pull_request` INNER JOIN `issue` ON issue.id = pull_request.issue_id WHERE (head_repo_id = ? AND head_branch = ? AND has_merged = ? AND issue.is_closed = ? AND flow = ?) [393 main false false 0] - 1.03975ms
2025/06/08 15:24:44 models/issues/pull_list.go:69:GetUnmergedPullRequestsByHeadInfo() [I] [SQL] SELECT * FROM `pull_request` INNER JOIN `issue` ON issue.id = pull_request.issue_id WHERE (head_repo_id = ? AND head_branch = ? AND has_merged = ? AND issue.is_closed = ? AND flow = ?) [393 main false false 0] - 881.583µs
2025/06/08 15:24:44 models/issues/pull_list.go:69:GetUnmergedPullRequestsByHeadInfo() [I] [SQL] SELECT * FROM `pull_request` INNER JOIN `issue` ON issue.id = pull_request.issue_id WHERE (head_repo_id = ? AND head_branch = ? AND has_merged = ? AND issue.is_closed = ? AND flow = ?) [393 main false false 0] - 935.084µs
```
This PR did a refactor to query it once only.
* Signed SSH commits can look in the UI like on GitHub, just like gpg keys today in Gitea
* SSH format can be added in gitea config
* SSH Signing worked before with DEFAULT_TRUST_MODEL=committer
`TRUSTED_SSH_KEYS` can be a list of additional ssh public key contents
to trust for every user of this instance
Closes#34329
Related #31392
---------
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
The tags synchronization is very slow for a non-mirror repository with
many tags especially forking. This PR make all repositories' tags
synchronization use the same function and remove the low performance
synchronization function. The commit count of tag now will not be stored
into database when syncing. Since the commits count will always be read
from cache or git data, the `NumCommits` in the release table will be
updated for the first read from git data.
