MokoConsulting/MokoGitea
1
0
Fork 0
Code Issues 150 Pull Requests Actions Packages Licenses 2 Releases 68 Wiki Activity
20,899 Commits 64 Branches 318 Tags
6e0236d43345b95ffcaaf3d93d053a2e72d8ad1b
T
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Giteabot 6e0236d433 fix(security): enforce wiki git writes and LFS token access at request time (#37695) (#37714) 
Backport #37695 by @lunny

This PR fixes two permission-checking gaps in Git and LFS request
handling.

## What it changes

- keep wiki Git HTTP pushes on the normal write-permission path, even
when proc-receive support is enabled
- revalidate LFS bearer token requests against the current user state
and current repository permissions before allowing access
- add regression coverage for unauthorized wiki HTTP pushes
- add LFS tests for blocked users, revoked repository access, read-only
upload attempts, and valid write access

## Why

- wiki repositories should not inherit the relaxed refs/for handling
used for normal code repositories
- LFS authorization tokens should not remain usable after a user is
disabled or loses repository access

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2026-05-24 03:35:22 -05:00
.devcontainer
chore: upgrade Go version in devcontainer image to 1.26 (#37374)
2026-04-22 21:47:59 +02:00
.github
refactor: use modernc sqlite driver as default (#37562)
2026-05-06 18:57:59 +00:00
.mokogitea
feat(ci): add upstream bug sync workflow
2026-05-24 03:28:47 -05:00
assets
refactor: use modernc sqlite driver as default (#37562)
2026-05-06 18:57:59 +00:00
build
Serve OpenAPI 3.0 spec at /openapi.v1.json (#37038)
2026-04-29 20:47:52 +08:00
cmd
fix: redirect early CLI console logger to stderr (#37507)
2026-05-02 15:45:31 +00:00
contrib
refactor: use modernc sqlite driver as default (#37562)
2026-05-06 18:57:59 +00:00
custom/conf
refactor: use modernc sqlite driver as default (#37562)
2026-05-06 18:57:59 +00:00
docker
Fix various problems (#37129)
2026-04-08 01:17:05 +08:00
models
feat(api): encrypt AWS creds (#37679) (#37713)
2026-05-24 03:35:21 -05:00
modules
feat(api): encrypt AWS creds (#37679) (#37713)
2026-05-24 03:35:21 -05:00
options
fix(packages): Add label for private and internal package and fix composor package source permission check (#37610) (#37643)
2026-05-24 03:34:47 -05:00
public
Update go js py dependencies (#37525)
2026-05-04 19:27:47 +00:00
routers
fix(security): enforce wiki git writes and LFS token access at request time (#37695) (#37714)
2026-05-24 03:35:22 -05:00
services
fix(security): enforce wiki git writes and LFS token access at request time (#37695) (#37714)
2026-05-24 03:35:22 -05:00
snap
refactor: use modernc sqlite driver as default (#37562)
2026-05-06 18:57:59 +00:00
templates
fix(packages): Add label for private and internal package and fix composor package source permission check (#37610) (#37643)
2026-05-24 03:34:47 -05:00
tests
fix(security): enforce wiki git writes and LFS token access at request time (#37695) (#37714)
2026-05-24 03:35:22 -05:00
tools
ci: allow chore type in PR title lint (#37575)
2026-05-07 17:18:10 +00:00
web_src
fix: restore dropzone imports from upstream v1.26.1
2026-05-15 20:08:59 -05:00
.air.toml
Update JS deps, fix deprecations (#36040)
2025-11-27 23:58:10 +00:00
.changelog.yml
Don't add useless labels which will bother changelog generation (#37267)
2026-04-19 11:34:40 -07:00
.dockerignore
Refactor integration tests infrastructure (#37462)
2026-04-29 16:37:38 +00:00
.editorconfig
Serve OpenAPI 3.0 spec at /openapi.v1.json (#37038)
2026-04-29 20:47:52 +08:00
.envrc
Enable direnv (#31672)
2024-07-23 12:07:41 +00:00
.gitattributes
Add ability for local makefile with personal customizations that wouldnt affect remote repo (#35836)
2025-11-08 20:23:55 +00:00
.gitignore
Allow multiple projects per issue and pull requests (#36784)
2026-04-30 22:38:05 +08:00
.golangci.yml
Replace custom Go formatter with golangci-lint fmt (#37194)
2026-04-17 17:45:22 +00:00
.ignore
Clean bindata (#34728)
2025-06-16 12:03:51 +00:00
.mailmap
[chore] add git mailmap for proper attribution of authorship (#33612)
2025-02-16 20:49:28 +08:00
.markdownlint.yaml
Enable markdownlint no-trailing-punctuation and no-blanks-blockquote (#29214)
2024-02-17 13:18:05 +00:00
.mcp.json
feat(api): add custom fields on issues
2026-05-07 22:37:43 -05:00
.npmrc
Switch to pnpm (#35274)
2025-09-04 01:17:14 +00:00
.spectral.yaml
Add spectral linter for Swagger (#20321)
2022-07-11 18:07:16 -05:00
.yamllint.yaml
Move jobparser from act repository to Gitea (#36699)
2026-02-22 19:33:01 +00:00
AGENTS.md
refactor: use modernc sqlite driver as default (#37562)
2026-05-06 18:57:59 +00:00
BSDmakefile
Fix build errors on BSD (in BSDMakefile) (#27594)
2023-10-13 15:38:27 +00:00
CHANGELOG-archived.md
Fix changelog (main) (#30582)
2024-04-19 06:08:30 +00:00
CHANGELOG.md
feat(api): bulk issue operations — labels, state, milestone, assignees (#21)
2026-05-21 21:40:25 -05:00
CLAUDE.md
Improve timeline entries for WIP prefix changes in pull requests (#36518)
2026-02-05 05:57:08 +00:00
CODE_OF_CONDUCT.md
Fixed minor typos in two files #HSFDPMUW (#34944)
2025-07-06 09:27:26 -07:00
CONTRIBUTING.md
ci: allow chore type in PR title lint (#37575)
2026-05-07 17:18:10 +00:00
crowdin.yml
Convert locale files from ini to json format (#35489)
2025-12-19 09:50:48 -08:00
DCO
Remove address from DCO (#22595)
2023-01-24 18:52:38 +00:00
Dockerfile
fix: remove go mod tidy from Dockerfile — code compiles without it
2026-05-17 13:57:58 -05:00
Dockerfile.rootless
refactor: use modernc sqlite driver as default (#37562)
2026-05-06 18:57:59 +00:00
eslint.config.ts
Frontend iframe renderer framework: 3D models, OpenAPI (#37233)
2026-04-17 22:30:17 +00:00
eslint.json.config.ts
Add JSON linting (#36192)
2025-12-19 06:27:21 +00:00
flake.lock
Update Nix flake (#37425)
2026-04-26 11:46:48 +02:00
flake.nix
refactor: use modernc sqlite driver as default (#37562)
2026-05-06 18:57:59 +00:00
go.mod
fix: add sqlite + kin-openapi deps via go get (no tidy)
2026-05-19 13:10:09 -05:00
go.sum
fix: add sqlite + kin-openapi deps via go get (no tidy)
2026-05-19 13:10:09 -05:00
LICENSE
Fix typo
2016-11-08 08:42:05 +01:00
main_timezones.go
add timetzdata build tag to binary releases (#33463)
2025-02-05 04:17:08 +00:00
main.go
Clean up Makefile, tests and legacy code (#36638)
2026-02-19 01:23:32 +00:00
MAINTAINERS
Apply as maintainer (#36947)
2026-03-22 08:18:42 -07:00
Makefile
refactor: use modernc sqlite driver as default (#37562)
2026-05-06 18:57:59 +00:00
package.json
fix(deps): update dependency mermaid to v11.15.0 [security], add e2e test (#37665)
2026-05-24 03:35:04 -05:00
playwright.config.ts
Revert "Add WebKit to e2e test matrix (#37298)" (#37315)
2026-04-20 19:49:38 +00:00
pnpm-lock.yaml
fix(deps): update dependency mermaid to v11.15.0 [security], add e2e test (#37665)
2026-05-24 03:35:04 -05:00
pyproject.toml
Update JS and PY deps (#36383)
2026-01-16 11:00:16 +00:00
README.md
docs: update README from wiki Home
2026-05-10 18:39:37 +00:00
README.zh-cn.md
refactor: use modernc sqlite driver as default (#37562)
2026-05-06 18:57:59 +00:00
README.zh-tw.md
refactor: use modernc sqlite driver as default (#37562)
2026-05-06 18:57:59 +00:00
renovate.json5
fix: Fix nolyfill for renovate (#37537)
2026-05-04 21:39:20 +00:00
SECURITY.md
Upgrade security public key (#34956)
2025-07-05 10:11:41 -04:00
stylelint.config.ts
refactor: lint bare fill/stroke colors, add vars for git graph color series (#37543)
2026-05-07 21:18:23 +00:00
tailwind.config.ts
Fix UI regression (#37218)
2026-04-14 23:24:44 +08:00
tsconfig.json
Enable strict TypeScript, add errorMessage helper (#37292)
2026-04-20 07:22:05 +00:00
types.d.ts
Remove htmx (#37224)
2026-04-15 17:26:26 +00:00
uv.lock
Update go js py dependencies (#37525)
2026-05-04 19:27:47 +00:00
vite.config.ts
Fail vite build on rolldown warnings via NODE_ENV=test (#37270)
2026-04-21 18:11:07 +00:00
vitest.config.ts
Enable concurrent vitest execution (#36998)
2026-03-30 16:17:16 +00:00

README.md

MokoGitea

Moko fork of Gitea — adding project board REST API endpoints and custom enhancements

Language License Wiki

Custom Gitea fork with Project Board API

Pages

Category: Infrastructure | Platform: moko-platform wiki

Documentation

Full documentation is available on the Wiki.

Contributing

See the wiki for development guidelines and contribution instructions.

License

This project is licensed under the GNU General Public License v3.0 or later -- see the LICENSE file.

Moko Consulting -- MokoStandards

Reference in New Issue View Git Blame Copy Permalink
S
Description
Moko fork of Gitea — adding project board REST API endpoints and custom enhancements
bitbucketcicddevopsdocker-registry-v2gitgit-guigit-lfsgit-servergiteagithubgithub-actionsgitlabgogolanghacktoberfestmaven-servernpm-registryself-hostedtypescriptvue
Readme MIT
1 GiB
Releases 68
MokoGitea 05.14.00 (mokogitea-05.14.00)
Latest
2026-05-31 03:45:28 +00:00
Languages
Go 78.4%
Handlebars 12.3%
TypeScript 4.4%
CSS 1.9%
JavaScript 1.6%
Other 1.3%