Merge remote-tracking branch 'upstream/main'

* upstream/main:
  [skip ci] Updated translations via Crowdin
  Add sqlite vscode extension to Gitpod configuration (go-gitea#21552)
  Replace all instances of fmt.Errorf(%v) with fmt.Errorf(%w) (go-gitea#21551)
  Fix package access for admins and inactive users (go-gitea#21580)
  Allow for resolution of NPM registry paths that match upstream (go-gitea#21568)
  Added missing headers on user packages page (go-gitea#21172)
  Record OAuth client type at registration (go-gitea#21316)

.gitpod.yml

@@ -33,6 +33,7 @@ vscode:
     - johnsoncodehk.volar
     - ms-azuretools.vscode-docker
     - zixuanchen.vitest-explorer
+    - alexcvzz.vscode-sqlite
 
 ports:
   - name: Gitea

cmd/admin.go

@@ -588,7 +588,7 @@ func runCreateUser(c *cli.Context) error {
 	}
 
 	if err := user_model.CreateUser(u, overwriteDefault); err != nil {
-		return fmt.Errorf("CreateUser: %v", err)
+		return fmt.Errorf("CreateUser: %w", err)
 	}
 
 	if c.Bool("access-token") {
@@ -735,7 +735,7 @@ func runRepoSyncReleases(_ *cli.Context) error {
 			Private: true,
 		})
 		if err != nil {
-			return fmt.Errorf("SearchRepositoryByName: %v", err)
+			return fmt.Errorf("SearchRepositoryByName: %w", err)
 		}
 		if len(repos) == 0 {
 			break

cmd/cmd.go

@@ -68,7 +68,7 @@ Ensure you are running in the correct environment or set the correct configurati
 If this is the intended configuration file complete the [database] section.`, setting.CustomConf)
 	}
 	if err := db.InitEngine(ctx); err != nil {
-		return fmt.Errorf("unable to initialize the database using the configuration in %q. Error: %v", setting.CustomConf, err)
+		return fmt.Errorf("unable to initialize the database using the configuration in %q. Error: %w", setting.CustomConf, err)
 	}
 	return nil
 }

cmd/dump_repo.go

@@ -166,7 +166,7 @@ func runDumpRepository(ctx *cli.Context) error {
 	// make sure the directory doesn't exist or is empty, prevent from deleting user files
 	repoDir := ctx.String("repo_dir")
 	if exists, err := util.IsExist(repoDir); err != nil {
-		return fmt.Errorf("unable to stat repo_dir %q: %v", repoDir, err)
+		return fmt.Errorf("unable to stat repo_dir %q: %w", repoDir, err)
 	} else if exists {
 		if isDir, _ := util.IsDir(repoDir); !isDir {
 			return fmt.Errorf("repo_dir %q already exists but it's not a directory", repoDir)

cmd/embedded.go

@@ -186,11 +186,11 @@ func runViewDo(c *cli.Context) error {
 
 	data, err := assets[0].Section.Asset(assets[0].Name)
 	if err != nil {
-		return fmt.Errorf("%s: %v", assets[0].Path, err)
+		return fmt.Errorf("%s: %w", assets[0].Path, err)
 	}
 
 	if _, err = os.Stdout.Write(data); err != nil {
-		return fmt.Errorf("%s: %v", assets[0].Path, err)
+		return fmt.Errorf("%s: %w", assets[0].Path, err)
 	}
 
 	return nil
@@ -251,19 +251,19 @@ func extractAsset(d string, a asset, overwrite, rename bool) error {
 
 	data, err := a.Section.Asset(a.Name)
 	if err != nil {
-		return fmt.Errorf("%s: %v", a.Path, err)
+		return fmt.Errorf("%s: %w", a.Path, err)
 	}
 
 	if err := os.MkdirAll(dir, os.ModePerm); err != nil {
-		return fmt.Errorf("%s: %v", dir, err)
+		return fmt.Errorf("%s: %w", dir, err)
 	}
 
 	perms := os.ModePerm & 0o666
 
 	fi, err := os.Lstat(dest)
 	if err != nil {
 		if !errors.Is(err, os.ErrNotExist) {
-			return fmt.Errorf("%s: %v", dest, err)
+			return fmt.Errorf("%s: %w", dest, err)
 		}
 	} else if !overwrite && !rename {
 		fmt.Printf("%s already exists; skipped.\n", dest)
@@ -272,20 +272,20 @@ func extractAsset(d string, a asset, overwrite, rename bool) error {
 		return fmt.Errorf("%s already exists, but it's not a regular file", dest)
 	} else if rename {
 		if err := util.Rename(dest, dest+".bak"); err != nil {
-			return fmt.Errorf("Error creating backup for %s: %v", dest, err)
+			return fmt.Errorf("Error creating backup for %s: %w", dest, err)
 		}
 		// Attempt to respect file permissions mask (even if user:group will be set anew)
 		perms = fi.Mode()
 	}
 
 	file, err := os.OpenFile(dest, os.O_WRONLY|os.O_TRUNC|os.O_CREATE, perms)
 	if err != nil {
-		return fmt.Errorf("%s: %v", dest, err)
+		return fmt.Errorf("%s: %w", dest, err)
 	}
 	defer file.Close()
 
 	if _, err = file.Write(data); err != nil {
-		return fmt.Errorf("%s: %v", dest, err)
+		return fmt.Errorf("%s: %w", dest, err)
 	}
 
 	fmt.Println(dest)
@@ -325,7 +325,7 @@ func getPatterns(args []string) ([]glob.Glob, error) {
 	pat := make([]glob.Glob, len(args))
 	for i := range args {
 		if g, err := glob.Compile(args[i], '/'); err != nil {
-			return nil, fmt.Errorf("'%s': Invalid glob pattern: %v", args[i], err)
+			return nil, fmt.Errorf("'%s': Invalid glob pattern: %w", args[i], err)
 		} else {
 			pat[i] = g
 		}

cmd/hook.go

@@ -312,7 +312,7 @@ func runHookPostReceive(c *cli.Context) error {
 
 	// First of all run update-server-info no matter what
 	if _, _, err := git.NewCommand(ctx, "update-server-info").RunStdString(nil); err != nil {
-		return fmt.Errorf("Failed to call 'git update-server-info': %v", err)
+		return fmt.Errorf("Failed to call 'git update-server-info': %w", err)
 	}
 
 	// Now if we're an internal don't do anything else

docs/content/doc/developers/oauth2-provider.md

@@ -44,6 +44,12 @@ To use the Authorization Code Grant as a third party application it is required
 
 Currently Gitea does not support scopes (see [#4300](https://github.com/go-gitea/gitea/issues/4300)) and all third party applications will be granted access to all resources of the user and their organizations.
 
+## Client types
+
+Gitea supports both confidential and public client types, [as defined by RFC 6749](https://datatracker.ietf.org/doc/html/rfc6749#section-2.1).
+
+For public clients, a redirect URI of a loopback IP address such as `http://127.0.0.1/` allows any port. Avoid using `localhost`, [as recommended by RFC 8252](https://datatracker.ietf.org/doc/html/rfc8252#section-8.3).
+
 ## Example
 
 **Note:** This example does not use PKCE.

models/activities/action.go

@@ -359,11 +359,11 @@ func GetFeeds(ctx context.Context, opts GetFeedsOptions) (ActionList, error) {
 	actions := make([]*Action, 0, opts.PageSize)
 
 	if err := sess.Desc("`action`.created_unix").Find(&actions); err != nil {
-		return nil, fmt.Errorf("Find: %v", err)
+		return nil, fmt.Errorf("Find: %w", err)
 	}
 
 	if err := ActionList(actions).loadAttributes(ctx); err != nil {
-		return nil, fmt.Errorf("LoadAttributes: %v", err)
+		return nil, fmt.Errorf("LoadAttributes: %w", err)
 	}
 
 	return actions, nil
@@ -415,7 +415,7 @@ func activityQueryCondition(opts GetFeedsOptions) (builder.Cond, error) {
 		env := organization.OrgFromUser(opts.RequestedUser).AccessibleTeamReposEnv(opts.RequestedTeam)
 		teamRepoIDs, err := env.RepoIDs(1, opts.RequestedUser.NumRepos)
 		if err != nil {
-			return nil, fmt.Errorf("GetTeamRepositories: %v", err)
+			return nil, fmt.Errorf("GetTeamRepositories: %w", err)
 		}
 		cond = cond.And(builder.In("repo_id", teamRepoIDs))
 	}
@@ -477,14 +477,14 @@ func notifyWatchers(ctx context.Context, actions ...*Action) error {
 			// Add feeds for user self and all watchers.
 			watchers, err = repo_model.GetWatchers(ctx, act.RepoID)
 			if err != nil {
-				return fmt.Errorf("get watchers: %v", err)
+				return fmt.Errorf("get watchers: %w", err)
 			}
 		}
 
 		// Add feed for actioner.
 		act.UserID = act.ActUserID
 		if _, err = e.Insert(act); err != nil {
-			return fmt.Errorf("insert new actioner: %v", err)
+			return fmt.Errorf("insert new actioner: %w", err)
 		}
 
 		if repoChanged {
@@ -493,7 +493,7 @@ func notifyWatchers(ctx context.Context, actions ...*Action) error {
 
 			// check repo owner exist.
 			if err := act.Repo.GetOwner(ctx); err != nil {
-				return fmt.Errorf("can't get repo owner: %v", err)
+				return fmt.Errorf("can't get repo owner: %w", err)
 			}
 		} else if act.Repo == nil {
 			act.Repo = repo
@@ -504,7 +504,7 @@ func notifyWatchers(ctx context.Context, actions ...*Action) error {
 			act.ID = 0
 			act.UserID = act.Repo.Owner.ID
 			if err = db.Insert(ctx, act); err != nil {
-				return fmt.Errorf("insert new actioner: %v", err)
+				return fmt.Errorf("insert new actioner: %w", err)
 			}
 		}
 
@@ -557,7 +557,7 @@ func notifyWatchers(ctx context.Context, actions ...*Action) error {
 			}
 
 			if err = db.Insert(ctx, act); err != nil {
-				return fmt.Errorf("insert new action: %v", err)
+				return fmt.Errorf("insert new action: %w", err)
 			}
 		}
 	}

models/activities/action_list.go

@@ -36,7 +36,7 @@ func (actions ActionList) loadUsers(ctx context.Context) (map[int64]*user_model.
 		In("id", userIDs).
 		Find(&userMaps)
 	if err != nil {
-		return nil, fmt.Errorf("find user: %v", err)
+		return nil, fmt.Errorf("find user: %w", err)
 	}
 
 	for _, action := range actions {
@@ -62,7 +62,7 @@ func (actions ActionList) loadRepositories(ctx context.Context) error {
 	repoMaps := make(map[int64]*repo_model.Repository, len(repoIDs))
 	err := db.GetEngine(ctx).In("id", repoIDs).Find(&repoMaps)
 	if err != nil {
-		return fmt.Errorf("find repository: %v", err)
+		return fmt.Errorf("find repository: %w", err)
 	}
 
 	for _, action := range actions {

models/activities/notification.go

@@ -403,7 +403,7 @@ func (n *Notification) loadRepo(ctx context.Context) (err error) {
 	if n.Repository == nil {
 		n.Repository, err = repo_model.GetRepositoryByIDCtx(ctx, n.RepoID)
 		if err != nil {
-			return fmt.Errorf("getRepositoryByID [%d]: %v", n.RepoID, err)
+			return fmt.Errorf("getRepositoryByID [%d]: %w", n.RepoID, err)
 		}
 	}
 	return nil
@@ -413,7 +413,7 @@ func (n *Notification) loadIssue(ctx context.Context) (err error) {
 	if n.Issue == nil && n.IssueID != 0 {
 		n.Issue, err = issues_model.GetIssueByID(ctx, n.IssueID)
 		if err != nil {
-			return fmt.Errorf("getIssueByID [%d]: %v", n.IssueID, err)
+			return fmt.Errorf("getIssueByID [%d]: %w", n.IssueID, err)
 		}
 		return n.Issue.LoadAttributes(ctx)
 	}
@@ -440,7 +440,7 @@ func (n *Notification) loadUser(ctx context.Context) (err error) {
 	if n.User == nil {
 		n.User, err = user_model.GetUserByIDCtx(ctx, n.UserID)
 		if err != nil {
-			return fmt.Errorf("getUserByID [%d]: %v", n.UserID, err)
+			return fmt.Errorf("getUserByID [%d]: %w", n.UserID, err)
 		}
 	}
 	return nil

models/activities/repo_activity.go

@@ -49,32 +49,32 @@ func GetActivityStats(ctx context.Context, repo *repo_model.Repository, timeFrom
 	stats := &ActivityStats{Code: &git.CodeActivityStats{}}
 	if releases {
 		if err := stats.FillReleases(repo.ID, timeFrom); err != nil {
-			return nil, fmt.Errorf("FillReleases: %v", err)
+			return nil, fmt.Errorf("FillReleases: %w", err)
 		}
 	}
 	if prs {
 		if err := stats.FillPullRequests(repo.ID, timeFrom); err != nil {
-			return nil, fmt.Errorf("FillPullRequests: %v", err)
+			return nil, fmt.Errorf("FillPullRequests: %w", err)
 		}
 	}
 	if issues {
 		if err := stats.FillIssues(repo.ID, timeFrom); err != nil {
-			return nil, fmt.Errorf("FillIssues: %v", err)
+			return nil, fmt.Errorf("FillIssues: %w", err)
 		}
 	}
 	if err := stats.FillUnresolvedIssues(repo.ID, timeFrom, issues, prs); err != nil {
-		return nil, fmt.Errorf("FillUnresolvedIssues: %v", err)
+		return nil, fmt.Errorf("FillUnresolvedIssues: %w", err)
 	}
 	if code {
 		gitRepo, closer, err := git.RepositoryFromContextOrOpen(ctx, repo.RepoPath())
 		if err != nil {
-			return nil, fmt.Errorf("OpenRepository: %v", err)
+			return nil, fmt.Errorf("OpenRepository: %w", err)
 		}
 		defer closer.Close()
 
 		code, err := gitRepo.GetCodeActivityStats(timeFrom, repo.DefaultBranch)
 		if err != nil {
-			return nil, fmt.Errorf("FillFromGit: %v", err)
+			return nil, fmt.Errorf("FillFromGit: %w", err)
 		}
 		stats.Code = code
 	}
@@ -85,13 +85,13 @@ func GetActivityStats(ctx context.Context, repo *repo_model.Repository, timeFrom
 func GetActivityStatsTopAuthors(ctx context.Context, repo *repo_model.Repository, timeFrom time.Time, count int) ([]*ActivityAuthorData, error) {
 	gitRepo, closer, err := git.RepositoryFromContextOrOpen(ctx, repo.RepoPath())
 	if err != nil {
-		return nil, fmt.Errorf("OpenRepository: %v", err)
+		return nil, fmt.Errorf("OpenRepository: %w", err)
 	}
 	defer closer.Close()
 
 	code, err := gitRepo.GetCodeActivityStats(timeFrom, "")
 	if err != nil {
-		return nil, fmt.Errorf("FillFromGit: %v", err)
+		return nil, fmt.Errorf("FillFromGit: %w", err)
 	}
 	if code.Authors == nil {
 		return nil, nil

models/asymkey/gpg_key.go

@@ -226,7 +226,7 @@ func DeleteGPGKey(doer *user_model.User, id int64) (err error) {
 		if IsErrGPGKeyNotExist(err) {
 			return nil
 		}
-		return fmt.Errorf("GetPublicKeyByID: %v", err)
+		return fmt.Errorf("GetPublicKeyByID: %w", err)
 	}
 
 	// Check if user has access to delete this key.

models/asymkey/ssh_key.go

@@ -130,7 +130,7 @@ func AddPublicKey(ownerID int64, name, content string, authSourceID int64) (*Pub
 		LoginSourceID: authSourceID,
 	}
 	if err = addKey(ctx, key); err != nil {
-		return nil, fmt.Errorf("addKey: %v", err)
+		return nil, fmt.Errorf("addKey: %w", err)
 	}
 
 	return key, committer.Commit()

models/asymkey/ssh_key_deploy.go

@@ -151,7 +151,7 @@ func AddDeployKey(repoID int64, name, content string, readOnly bool) (*DeployKey
 		pkey.Content = content
 		pkey.Name = name
 		if err = addKey(ctx, pkey); err != nil {
-			return nil, fmt.Errorf("addKey: %v", err)
+			return nil, fmt.Errorf("addKey: %w", err)
 		}
 	}
 

models/asymkey/ssh_key_fingerprint.go

@@ -95,7 +95,7 @@ func CalcFingerprint(publicKeyContent string) (string, error) {
 			log.Info("%s", publicKeyContent)
 			return "", err
 		}
-		return "", fmt.Errorf("%s: %v", fnName, err)
+		return "", fmt.Errorf("%s: %w", fnName, err)
 	}
 	return fp, nil
 }