Do not set Accept header twice (#28598)

Revert #28550

Don't add the `Accept` header twice.

models/auth/session.go

@@ -41,12 +41,15 @@ func ReadSession(ctx context.Context, key string) (*Session, error) {
 	}
 	defer committer.Close()
 
-	session, exist, err := db.Get[Session](ctx, builder.Eq{"key": key})
+	session, exist, err := db.Get[Session](ctx, builder.Eq{"`key`": key})
 	if err != nil {
 		return nil, err
 	} else if !exist {
-		session.Expiry = timeutil.TimeStampNow()
+		session = &Session{
-		if err := db.Insert(ctx, &session); err != nil {
+			Key:    key,
+			Expiry: timeutil.TimeStampNow(),
+		}
+		if err := db.Insert(ctx, session); err != nil {
 			return nil, err
 		}
 	}
@@ -56,7 +59,7 @@ func ReadSession(ctx context.Context, key string) (*Session, error) {
 
 // ExistSession checks if a session exists
 func ExistSession(ctx context.Context, key string) (bool, error) {
-	return db.Exist[Session](ctx, builder.Eq{"key": key})
+	return db.Exist[Session](ctx, builder.Eq{"`key`": key})
 }
 
 // DestroySession destroys a session
@@ -75,13 +78,13 @@ func RegenerateSession(ctx context.Context, oldKey, newKey string) (*Session, er
 	}
 	defer committer.Close()
 
-	if has, err := db.Exist[Session](ctx, builder.Eq{"key": newKey}); err != nil {
+	if has, err := db.Exist[Session](ctx, builder.Eq{"`key`": newKey}); err != nil {
 		return nil, err
 	} else if has {
 		return nil, fmt.Errorf("session Key: %s already exists", newKey)
 	}
 
-	if has, err := db.Exist[Session](ctx, builder.Eq{"key": oldKey}); err != nil {
+	if has, err := db.Exist[Session](ctx, builder.Eq{"`key`": oldKey}); err != nil {
 		return nil, err
 	} else if !has {
 		if err := db.Insert(ctx, &Session{
@@ -96,7 +99,7 @@ func RegenerateSession(ctx context.Context, oldKey, newKey string) (*Session, er
 		return nil, err
 	}
 
-	s, _, err := db.Get[Session](ctx, builder.Eq{"key": newKey})
+	s, _, err := db.Get[Session](ctx, builder.Eq{"`key`": newKey})
 	if err != nil {
 		// is not exist, it should be impossible
 		return nil, err

modules/lfs/http_client.go

@@ -79,10 +79,7 @@ func (c *HTTPClient) batch(ctx context.Context, operation string, objects []Poin
 		return nil, err
 	}
 
-	req, err := createRequest(ctx, http.MethodPost, url, map[string]string{
+	req, err := createRequest(ctx, http.MethodPost, url, map[string]string{"Content-Type": MediaType}, payload)
-		"Content-Type": MediaType,
-		"Accept":       MediaType,
-	}, payload)
 	if err != nil {
 		return nil, err
 	}

options/locale/locale_fr-FR.ini

@@ -1665,10 +1665,10 @@ issues.review.un_resolve_conversation=Rouvrir la conversation
 issues.review.resolved_by=a marqué cette conversation comme résolue.
 issues.assignee.error=Tous les assignés n'ont pas été ajoutés en raison d'une erreur inattendue.
 issues.reference_issue.body=Corps
-issues.content_history.deleted=supprimé
+issues.content_history.deleted=a supprimé
-issues.content_history.edited=édité
+issues.content_history.edited=a édité
-issues.content_history.created=créé
+issues.content_history.created=a créé
-issues.content_history.delete_from_history=Supprimé de l’historique
+issues.content_history.delete_from_history=Supprimer de l’historique
 issues.content_history.delete_from_history_confirm=Supprimer de l’historique ?
 issues.content_history.options=Options
 issues.reference_link=Référence : %s
@@ -3521,6 +3521,7 @@ runs.actors_no_select=Tous les acteurs
 runs.status_no_select=Touts les statuts
 runs.no_results=Aucun résultat correspondant.
 runs.no_runs=Le flux de travail n'a pas encore d'exécution.
+runs.empty_commit_message=(message de révision vide)
 
 workflow.disable=Désactiver le flux de travail
 workflow.disable_success=Le flux de travail « %s » a bien été désactivé.

routers/api/v1/admin/runners.go

@@ -0,0 +1,26 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package admin
+
+import (
+	"code.gitea.io/gitea/modules/context"
+	"code.gitea.io/gitea/routers/api/v1/shared"
+)
+
+// https://docs.github.com/en/rest/actions/self-hosted-runners?apiVersion=2022-11-28#create-a-registration-token-for-an-organization
+
+// GetRegistrationToken returns the token to register global runners
+func GetRegistrationToken(ctx *context.APIContext) {
+	// swagger:operation GET /admin/runners/registration-token admin adminGetRunnerRegistrationToken
+	// ---
+	// summary: Get an global actions runner registration token
+	// produces:
+	// - application/json
+	// parameters:
+	// responses:
+	//   "200":
+	//     "$ref": "#/responses/RegistrationToken"
+
+	shared.GetRegistrationToken(ctx, 0, 0)
+}

routers/api/v1/api.go

@@ -948,13 +948,19 @@ func Routes() *web.Route {
 				Post(bind(api.CreateEmailOption{}), user.AddEmail).
 				Delete(bind(api.DeleteEmailOption{}), user.DeleteEmail)
 
-			// create or update a user's actions secrets
+			// manage user-level actions features
-			m.Group("/actions/secrets", func() {
+			m.Group("/actions", func() {
+				m.Group("/secrets", func() {
 					m.Combo("/{secretname}").
 						Put(bind(api.CreateOrUpdateSecretOption{}), user.CreateOrUpdateSecret).
 						Delete(user.DeleteSecret)
 				})
 
+				m.Group("/runners", func() {
+					m.Get("/registration-token", reqToken(), user.GetRegistrationToken)
+				})
+			})
+
 			m.Get("/followers", user.ListMyFollowers)
 			m.Group("/following", func() {
 				m.Get("", user.ListMyFollowing)
@@ -1052,11 +1058,17 @@ func Routes() *web.Route {
 					m.Post("/accept", repo.AcceptTransfer)
 					m.Post("/reject", repo.RejectTransfer)
 				}, reqToken())
-				m.Group("/actions/secrets", func() {
+				m.Group("/actions", func() {
+					m.Group("/secrets", func() {
 						m.Combo("/{secretname}").
 							Put(reqToken(), reqOwner(), bind(api.CreateOrUpdateSecretOption{}), repo.CreateOrUpdateSecret).
 							Delete(reqToken(), reqOwner(), repo.DeleteSecret)
 					})
+
+					m.Group("/runners", func() {
+						m.Get("/registration-token", reqToken(), reqOwner(), repo.GetRegistrationToken)
+					})
+				})
 				m.Group("/hooks/git", func() {
 					m.Combo("").Get(repo.ListGitHooks)
 					m.Group("/{id}", func() {
@@ -1422,12 +1434,18 @@ func Routes() *web.Route {
 				m.Combo("/{username}").Get(reqToken(), org.IsMember).
 					Delete(reqToken(), reqOrgOwnership(), org.DeleteMember)
 			})
-			m.Group("/actions/secrets", func() {
+			m.Group("/actions", func() {
+				m.Group("/secrets", func() {
 					m.Get("", reqToken(), reqOrgOwnership(), org.ListActionsSecrets)
 					m.Combo("/{secretname}").
 						Put(reqToken(), reqOrgOwnership(), bind(api.CreateOrUpdateSecretOption{}), org.CreateOrUpdateSecret).
 						Delete(reqToken(), reqOrgOwnership(), org.DeleteSecret)
 				})
+
+				m.Group("/runners", func() {
+					m.Get("/registration-token", reqToken(), reqOrgOwnership(), org.GetRegistrationToken)
+				})
+			})
 			m.Group("/public_members", func() {
 				m.Get("", org.ListPublicMembers)
 				m.Combo("/{username}").Get(org.IsPublicMember).
@@ -1518,6 +1536,9 @@ func Routes() *web.Route {
 					Patch(bind(api.EditHookOption{}), admin.EditHook).
 					Delete(admin.DeleteHook)
 			})
+			m.Group("/runners", func() {
+				m.Get("/registration-token", admin.GetRegistrationToken)
+			})
 		}, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryAdmin), reqToken(), reqSiteAdmin())
 
 		m.Group("/topics", func() {

routers/api/v1/org/runners.go

@@ -0,0 +1,31 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package org
+
+import (
+	"code.gitea.io/gitea/modules/context"
+	"code.gitea.io/gitea/routers/api/v1/shared"
+)
+
+// https://docs.github.com/en/rest/actions/self-hosted-runners?apiVersion=2022-11-28#create-a-registration-token-for-an-organization
+
+// GetRegistrationToken returns the token to register org runners
+func GetRegistrationToken(ctx *context.APIContext) {
+	// swagger:operation GET /orgs/{org}/actions/runners/registration-token organization orgGetRunnerRegistrationToken
+	// ---
+	// summary: Get an organization's actions runner registration token
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: org
+	//   in: path
+	//   description: name of the organization
+	//   type: string
+	//   required: true
+	// responses:
+	//   "200":
+	//     "$ref": "#/responses/RegistrationToken"
+
+	shared.GetRegistrationToken(ctx, ctx.Org.Organization.ID, 0)
+}

routers/api/v1/repo/runners.go

@@ -0,0 +1,34 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"code.gitea.io/gitea/modules/context"
+	"code.gitea.io/gitea/routers/api/v1/shared"
+)
+
+// GetRegistrationToken returns the token to register repo runners
+func GetRegistrationToken(ctx *context.APIContext) {
+	// swagger:operation GET /repos/{owner}/{repo}/runners/registration-token repository repoGetRunnerRegistrationToken
+	// ---
+	// summary: Get a repository's actions runner registration token
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: owner
+	//   in: path
+	//   description: owner of the repo
+	//   type: string
+	//   required: true
+	// - name: repo
+	//   in: path
+	//   description: name of the repo
+	//   type: string
+	//   required: true
+	// responses:
+	//   "200":
+	//     "$ref": "#/responses/RegistrationToken"
+
+	shared.GetRegistrationToken(ctx, ctx.Repo.Repository.OwnerID, ctx.Repo.Repository.ID)
+}

routers/api/v1/shared/runners.go

@@ -0,0 +1,32 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package shared
+
+import (
+	"errors"
+	"net/http"
+
+	actions_model "code.gitea.io/gitea/models/actions"
+	"code.gitea.io/gitea/modules/context"
+	"code.gitea.io/gitea/modules/util"
+)
+
+// RegistrationToken is response related to registeration token
+// swagger:response RegistrationToken
+type RegistrationToken struct {
+	Token string `json:"token"`
+}
+
+func GetRegistrationToken(ctx *context.APIContext, ownerID, repoID int64) {
+	token, err := actions_model.GetLatestRunnerToken(ctx, ownerID, repoID)
+	if errors.Is(err, util.ErrNotExist) || (token != nil && !token.IsActive) {
+		token, err = actions_model.NewRunnerToken(ctx, ownerID, repoID)
+	}
+	if err != nil {
+		ctx.InternalServerError(err)
+		return
+	}
+
+	ctx.JSON(http.StatusOK, RegistrationToken{Token: token.Token})
+}

routers/api/v1/user/runners.go

@@ -0,0 +1,26 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package user
+
+import (
+	"code.gitea.io/gitea/modules/context"
+	"code.gitea.io/gitea/routers/api/v1/shared"
+)
+
+// https://docs.github.com/en/rest/actions/self-hosted-runners?apiVersion=2022-11-28#create-a-registration-token-for-an-organization
+
+// GetRegistrationToken returns the token to register user runners
+func GetRegistrationToken(ctx *context.APIContext) {
+	// swagger:operation GET /user/actions/runners/registration-token user userGetRunnerRegistrationToken
+	// ---
+	// summary: Get an user's actions runner registration token
+	// produces:
+	// - application/json
+	// parameters:
+	// responses:
+	//   "200":
+	//     "$ref": "#/responses/RegistrationToken"
+
+	shared.GetRegistrationToken(ctx, ctx.Doer.ID, 0)
+}

routers/web/org/home.go

@@ -18,6 +18,7 @@ import (
 	"code.gitea.io/gitea/modules/markup"
 	"code.gitea.io/gitea/modules/markup/markdown"
 	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/util"
 	shared_user "code.gitea.io/gitea/routers/web/shared/user"
 )
 
@@ -157,14 +158,14 @@ func Home(ctx *context.Context) {
 
 	ctx.Data["ShowMemberAndTeamTab"] = ctx.Org.IsMember || len(members) > 0
 
-	profileGitRepo, profileReadmeBlob, profileClose := shared_user.FindUserProfileReadme(ctx, ctx.Doer)
+	profileDbRepo, profileGitRepo, profileReadmeBlob, profileClose := shared_user.FindUserProfileReadme(ctx, ctx.Doer)
 	defer profileClose()
-	prepareOrgProfileReadme(ctx, profileGitRepo, profileReadmeBlob)
+	prepareOrgProfileReadme(ctx, profileGitRepo, profileDbRepo, profileReadmeBlob)
 
 	ctx.HTML(http.StatusOK, tplOrgHome)
 }
 
-func prepareOrgProfileReadme(ctx *context.Context, profileGitRepo *git.Repository, profileReadme *git.Blob) {
+func prepareOrgProfileReadme(ctx *context.Context, profileGitRepo *git.Repository, profileDbRepo *repo_model.Repository, profileReadme *git.Blob) {
 	if profileGitRepo == nil || profileReadme == nil {
 		return
 	}
@@ -172,9 +173,13 @@ func prepareOrgProfileReadme(ctx *context.Context, profileGitRepo *git.Repositor
 	if bytes, err := profileReadme.GetBlobContent(setting.UI.MaxDisplayFileSize); err != nil {
 		log.Error("failed to GetBlobContent: %v", err)
 	} else {
+		// Pass URLPrefix to markdown render for the full link of media elements.
+		// The profile of default branch would be shown.
+		prefix := profileDbRepo.Link() + "/src/branch/" + util.PathEscapeSegments(profileDbRepo.DefaultBranch)
 		if profileContent, err := markdown.RenderString(&markup.RenderContext{
 			Ctx:       ctx,
 			GitRepo:   profileGitRepo,
+			URLPrefix: prefix,
 			Metas:     map[string]string{"mode": "document"},
 		}, bytes); err != nil {
 			log.Error("failed to RenderString: %v", err)

routers/web/shared/user/header.go

@@ -87,7 +87,7 @@ func PrepareContextForProfileBigAvatar(ctx *context.Context) {
 	}
 }
 
-func FindUserProfileReadme(ctx *context.Context, doer *user_model.User) (profileGitRepo *git.Repository, profileReadmeBlob *git.Blob, profileClose func()) {
+func FindUserProfileReadme(ctx *context.Context, doer *user_model.User) (profileDbRepo *repo_model.Repository, profileGitRepo *git.Repository, profileReadmeBlob *git.Blob, profileClose func()) {
 	profileDbRepo, err := repo_model.GetRepositoryByName(ctx, ctx.ContextUser.ID, ".profile")
 	if err == nil {
 		perm, err := access_model.GetUserRepoPermission(ctx, profileDbRepo, doer)
@@ -105,7 +105,7 @@ func FindUserProfileReadme(ctx *context.Context, doer *user_model.User) (profile
 	} else if !repo_model.IsErrRepoNotExist(err) {
 		log.Error("FindUserProfileReadme failed to GetRepositoryByName: %v", err)
 	}
-	return profileGitRepo, profileReadmeBlob, func() {
+	return profileDbRepo, profileGitRepo, profileReadmeBlob, func() {
 		if profileGitRepo != nil {
 			_ = profileGitRepo.Close()
 		}
@@ -115,7 +115,7 @@ func FindUserProfileReadme(ctx *context.Context, doer *user_model.User) (profile
 func RenderUserHeader(ctx *context.Context) {
 	prepareContextForCommonProfile(ctx)
 
-	_, profileReadmeBlob, profileClose := FindUserProfileReadme(ctx, ctx.Doer)
+	_, _, profileReadmeBlob, profileClose := FindUserProfileReadme(ctx, ctx.Doer)
 	defer profileClose()
 	ctx.Data["HasProfileReadme"] = profileReadmeBlob != nil
 }

routers/web/user/profile.go

@@ -64,17 +64,17 @@ func userProfile(ctx *context.Context) {
 		ctx.Data["HeatmapTotalContributions"] = activities_model.GetTotalContributionsInHeatmap(data)
 	}
 
-	profileGitRepo, profileReadmeBlob, profileClose := shared_user.FindUserProfileReadme(ctx, ctx.Doer)
+	profileDbRepo, profileGitRepo, profileReadmeBlob, profileClose := shared_user.FindUserProfileReadme(ctx, ctx.Doer)
 	defer profileClose()
 
 	showPrivate := ctx.IsSigned && (ctx.Doer.IsAdmin || ctx.Doer.ID == ctx.ContextUser.ID)
-	prepareUserProfileTabData(ctx, showPrivate, profileGitRepo, profileReadmeBlob)
+	prepareUserProfileTabData(ctx, showPrivate, profileDbRepo, profileGitRepo, profileReadmeBlob)
 	// call PrepareContextForProfileBigAvatar later to avoid re-querying the NumFollowers & NumFollowing
 	shared_user.PrepareContextForProfileBigAvatar(ctx)
 	ctx.HTML(http.StatusOK, tplProfile)
 }
 
-func prepareUserProfileTabData(ctx *context.Context, showPrivate bool, profileGitRepo *git.Repository, profileReadme *git.Blob) {
+func prepareUserProfileTabData(ctx *context.Context, showPrivate bool, profileDbRepo *repo_model.Repository, profileGitRepo *git.Repository, profileReadme *git.Blob) {
 	// if there is a profile readme, default to "overview" page, otherwise, default to "repositories" page
 	// if there is not a profile readme, the overview tab should be treated as the repositories tab
 	tab := ctx.FormString("tab")
@@ -233,9 +233,17 @@ func prepareUserProfileTabData(ctx *context.Context, showPrivate bool, profileGi
 		if bytes, err := profileReadme.GetBlobContent(setting.UI.MaxDisplayFileSize); err != nil {
 			log.Error("failed to GetBlobContent: %v", err)
 		} else {
+			// Give the URLPrefix to the markdown render for the full link of media element.
+			// the media link usually be like /[user]/[repoName]/media/branch/[branchName],
+			// 	Eg. /Tom/.profile/media/branch/main
+			// The branch shown on the profile page is the default branch, this need to be in sync with doc, see:
+			//	https://docs.gitea.com/usage/profile-readme
+
+			prefix := profileDbRepo.Link() + "/src/branch/" + util.PathEscapeSegments(profileDbRepo.DefaultBranch)
 			if profileContent, err := markdown.RenderString(&markup.RenderContext{
 				Ctx:       ctx,
 				GitRepo:   profileGitRepo,
+				URLPrefix: prefix,
 				Metas:     map[string]string{"mode": "document"},
 			}, bytes); err != nil {
 				log.Error("failed to RenderString: %v", err)

templates/swagger/v1_json.tmpl

@@ -392,6 +392,23 @@
         }
       }
     },
+    "/admin/runners/registration-token": {
+      "get": {
+        "produces": [
+          "application/json"
+        ],
+        "tags": [
+          "admin"
+        ],
+        "summary": "Get an global actions runner registration token",
+        "operationId": "adminGetRunnerRegistrationToken",
+        "responses": {
+          "200": {
+            "$ref": "#/responses/RegistrationToken"
+          }
+        }
+      }
+    },
     "/admin/unadopted": {
       "get": {
         "produces": [
@@ -1562,6 +1579,32 @@
         }
       }
     },
+    "/orgs/{org}/actions/runners/registration-token": {
+      "get": {
+        "produces": [
+          "application/json"
+        ],
+        "tags": [
+          "organization"
+        ],
+        "summary": "Get an organization's actions runner registration token",
+        "operationId": "orgGetRunnerRegistrationToken",
+        "parameters": [
+          {
+            "type": "string",
+            "description": "name of the organization",
+            "name": "org",
+            "in": "path",
+            "required": true
+          }
+        ],
+        "responses": {
+          "200": {
+            "$ref": "#/responses/RegistrationToken"
+          }
+        }
+      }
+    },
     "/orgs/{org}/actions/secrets": {
       "get": {
         "produces": [
@@ -12359,6 +12402,39 @@
         }
       }
     },
+    "/repos/{owner}/{repo}/runners/registration-token": {
+      "get": {
+        "produces": [
+          "application/json"
+        ],
+        "tags": [
+          "repository"
+        ],
+        "summary": "Get a repository's actions runner registration token",
+        "operationId": "repoGetRunnerRegistrationToken",
+        "parameters": [
+          {
+            "type": "string",
+            "description": "owner of the repo",
+            "name": "owner",
+            "in": "path",
+            "required": true
+          },
+          {
+            "type": "string",
+            "description": "name of the repo",
+            "name": "repo",
+            "in": "path",
+            "required": true
+          }
+        ],
+        "responses": {
+          "200": {
+            "$ref": "#/responses/RegistrationToken"
+          }
+        }
+      }
+    },
     "/repos/{owner}/{repo}/signing-key.gpg": {
       "get": {
         "produces": [
@@ -14517,6 +14593,23 @@
         }
       }
     },
+    "/user/actions/runners/registration-token": {
+      "get": {
+        "produces": [
+          "application/json"
+        ],
+        "tags": [
+          "user"
+        ],
+        "summary": "Get an user's actions runner registration token",
+        "operationId": "userGetRunnerRegistrationToken",
+        "responses": {
+          "200": {
+            "$ref": "#/responses/RegistrationToken"
+          }
+        }
+      }
+    },
     "/user/actions/secrets/{secretname}": {
       "put": {
         "consumes": [
@@ -23726,6 +23819,14 @@
         }
       }
     },
+    "RegistrationToken": {
+      "description": "RegistrationToken is response related to registeration token",
+      "headers": {
+        "token": {
+          "type": "string"
+        }
+      }
+    },
     "Release": {
       "description": "Release",
       "schema": {

tests/integration/session_test.go

@@ -0,0 +1,37 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package integration
+
+import (
+	"testing"
+
+	"code.gitea.io/gitea/models/auth"
+	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/models/unittest"
+	"code.gitea.io/gitea/tests"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func Test_RegenerateSession(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	key := "new_key890123456"  // it must be 16 characters long
+	key2 := "new_key890123457" // it must be 16 characters
+	exist, err := auth.ExistSession(db.DefaultContext, key)
+	assert.NoError(t, err)
+	assert.False(t, exist)
+
+	sess, err := auth.RegenerateSession(db.DefaultContext, "", key)
+	assert.NoError(t, err)
+	assert.EqualValues(t, key, sess.Key)
+	assert.Len(t, sess.Data, 0)
+
+	sess, err = auth.ReadSession(db.DefaultContext, key2)
+	assert.NoError(t, err)
+	assert.EqualValues(t, key2, sess.Key)
+	assert.Len(t, sess.Data, 0)
+}