1
0
mirror of https://github.com/labstack/echo.git synced 2024-12-22 20:06:21 +02:00
Commit Graph

495 Commits

Author SHA1 Message Date
moznion
ddb66e1ba2
Add logger middleware template variables: ${time_unix_milli} and ${time_unix_micro} (#2206)
This patch introduces two template variables `${time_unix_milli}` and
`${time_unix_micro}` into the logger middleware.
Currently, there is no way to interpolate that UNIX milli and micro
seconds timestamp in a log entry, and go 1.17 or later runtime supports
the utility functions `time#UnixMilli()` and `time#UnixMicro()`
so this patch adds them as well.

see also: https://github.com/golang/go/issues/44196

Signed-off-by: moznion <moznion@mail.moznion.net>
2022-07-05 07:57:39 +03:00
welling guzmán
b0453b98e0
fix: basic auth invalid base64 string (#2191)
* fix: basic auth returns 400 on invalid base64 string
2022-05-27 19:44:51 +03:00
Martti T
d5f883707b
Timeout mw: rework how test waits for timeout. Using sleep as delay i… (#2187)
* Timeout mw: rework how test waits for timeout. Using sleep as delay is problematic when CI worker is slower than usual.
2022-05-22 00:21:50 +03:00
toimtoimtoim
28797c761d Timeout mw: fix datarace in tests when we are getting data from buffer (in test) and writing to logger at the same time. 2022-05-21 22:26:56 +03:00
toimtoimtoim
2e02ce3dd8 Timeout mw: fix datarace in tests when we are getting data from buffer. Run each test in their own server so multiple tests cases will not cause datarace getting data out of logger buffer. 2022-05-21 20:12:32 +03:00
gemaizi
572466d928 Fix body_limit middleware unit test 2022-04-05 20:34:49 +03:00
toimtoimtoim
1919cf4491 Timeout middleware write race 2022-03-16 08:09:29 +02:00
Martti T
01d7d01bbc
Fix CSRF middleware not being able to extract token from multipart/form-data form (#2136, fixes #2135) 2022-03-16 00:43:20 +01:00
Becir Basic
5c38c3b770
Recover middleware should not log panic for aborted handler (#2134, fixes #2133)
Co-authored-by: Becir Basic <bb@neotel.at>
2022-03-16 00:29:42 +01:00
Martti T
4a1ccdfdc5
JWT, KeyAuth, CSRF multivalue extractors (#2060)
* CSRF, JWT, KeyAuth middleware support for multivalue value extractors
* Add flag to JWT and KeyAuth middleware to allow continuing execution `next(c)` when error handler decides to swallow the error (returns nil).
2022-01-24 22:03:45 +02:00
ant1k9
7c41b93f0c
Add LogErrorFunc to recover middleware (#2072)
LogErrorFunc provides more general interface to handle errors in the recover middleware.
2022-01-24 11:23:41 +01:00
toimtoimtoim
6f6befe555 improve docs 2022-01-03 21:04:17 +02:00
toimtoimtoim
5b26a5257b Allow header support in Router, MethodNotFoundHandler (405) and CORS middleware 2022-01-03 21:04:17 +02:00
Rashad Ansari
4fffee2ec8 Add custom jwt extractor to jwt config 2021-12-20 21:41:59 +02:00
Nao Yonashiro
7bde9aea06
Fixed a problem that returned wrong content-encoding when the gzip compressed content was empty (#1921)
Fixed a problem that returned wrong content-encoding when the gzip compressed content was empty
2021-12-15 10:15:13 +02:00
Guilherme Cardoso
c32fafad68 Add support for configurable target header for the request_id middleware 2021-12-07 21:34:16 +02:00
David Desmarais-Michaud
b437ee3879
stream decompression instead of buffering (#2018)
* stream decompression instead of buffering
* simple body replace with gzip reader with deferred close
* defer resource closes
* simply gzip.Reader pool
2021-12-03 11:03:42 +01:00
Luka Jajanidze
902c553552 Added comments for RateLimiterMemoryStoreConfig and RateLimiterMemoryStore 2021-11-21 18:22:14 +02:00
Luka Jajanidze
3f099663f1 removed unnecessary comments 2021-11-21 18:22:14 +02:00
Luka Jajanidze
bd29ef9e46 added references to Limiter docs for 0-1 behaviour 2021-11-21 18:22:14 +02:00
Kaan Karakaya
d604704563 Fix rate limiter example
time.Minutes is doesn't exist
2021-10-15 21:08:11 +03:00
Martti T
a2e6ca7ed6
Add start time to request logger middleware values (#1991) 2021-09-23 23:17:09 +03:00
Martti T
1e7e67cddb
Added request logger middleware which helps to use custom logger library for logging requests (#1980)
Added request logger middleware which helps to use custom logger library for logging requests.
2021-09-14 20:57:47 +03:00
pwli
7f502b1ff1
try to fix #1905 and add some notes (#1947)
* fix 1905 and add some notes

(cherry picked from commit 9d96199e2dbb6d4374b5a8b6e16fdc0b0d7cb3a7)

* fix typo

(cherry picked from commit e8ea1bcabb6cdb50b06e1ec0e7c3cce44287d8b7)

* Add tests for timeout middleware with full http.Server stack running.
Add warning about middleware

* Fix example

Co-authored-by: lipengwei <lipengwei@uniontech.com>
Co-authored-by: toimtoimtoim <desinformatsioon@gmail.com>
2021-08-22 20:25:09 +03:00
Philipp Thun
499097e061 Ignore case of auth scheme in request header
Some clients send an authorization header containing the "bearer"
keyword in lower case. This led to echo responding with "missing or
malformed jwt".

Request.BasicAuth (net/http) ignores the basic auth scheme's case since
a while: https://go-review.googlesource.com/c/go/+/111516/
2021-08-10 20:32:01 +03:00
Kaushal Rohit
fcda0e8840 Add Cookie to KeyAuth middleware's KeyLookup 2021-08-02 22:44:59 +03:00
toimtoimtoim
647af2acec JWT middleware has been changed from github.com/dgrijalva/jwt-go to github.com/golang-jwt/jwt` due former library being unmaintained and having security
issues.
NOTE: `golang-jwt/jwt` now only supports last 2 Go releases. So 1.15+
For detailed information please read https://github.com/labstack/echo/discussions/1940
2021-08-01 23:20:08 +03:00
Pablo Andres Fuente
02de901d7e
Fixing Timeout middleware Context propagation (#1910)
This will let middlewares/handler later on the chain to properly handle
the Timeout middleware Context cancellation.

Fixes #1909
2021-07-09 23:36:03 -03:00
zacscoding
fd7a8a97ac Adds RequestIDHandler function to RequestID middleware 2021-07-05 21:12:17 +03:00
toimtoimtoim
1ac4a8f3d0 Adds JWTConfig.ParseTokenFunc to JWT middleware to allow different libraries implementing JWT parsing. 2021-06-13 20:33:08 +03:00
harukitosa
1c24ab8c2b fix rateLimiteDoc 2021-06-02 21:22:17 +03:00
Kaan Karakaya
379bdeaa1e docs: Added comment about TokenLookup
Signed-off-by: Kaan Karakaya <yusufkaan142@gmail.com>
2021-06-01 07:53:32 +03:00
Voltboy
2943a32005 restore originalWriter in case of panic inside echoHandlerFuncWrapper.ServeHTTP method 2021-05-08 22:37:57 +03:00
Lukas Dietrich
b643e6834e
Fix #1787: Add support for optional filesystem to the static middleware (#1797)
* Add optional filesystem to static middleware.
2021-05-08 22:33:17 +03:00
Kaan Karakaya
de3f87eb23
Jwt lookup from multiple sources (#1845)
* Jwt lookup from multiple sources
2021-05-08 22:30:06 +03:00
王瑞华
7256cb2274
add a custom error handler to key-auth middleware (#1847)
* add a custom error handler to key-auth middleware
2021-05-08 22:25:11 +03:00
antonindrawan
76f186ad3b
feat(jwt): make KeyFunc public in JWT middleware (#1756)
* feat(jwt): make KeyFunc public in JWT middleware

It allows a user-defined function to supply the key for a token
verification.
2021-05-08 22:19:24 +03:00
Martti T
a4ab482b60
Add Go 1.16 to CI and drop 1.12 specific code (#1850)
* Correct incorrect years in CHANGELOG.md
* CI tests with last 4 versions. Remove 1.12 and below specific code
* Rename proxy test
2021-04-16 11:38:12 +02:00
Martti T
10d8c53d55
Fix timeout middleware docs (fixes #1816) (#1836) 2021-04-06 09:12:00 +02:00
Martti T
ae4665cf7a
Fix panic in redirect middleware on short host name (fix #1811) (#1813) 2021-04-06 09:11:31 +02:00
Martti T
dec96f0312
fix timeout middleware not sending status code when handler returns an error (fix #1804) (#1805) 2021-03-12 12:49:09 +01:00
Martti T
4c2fd1fb04
Allow proxy middleware to use query part in rewrite (fix #1798) (#1802) 2021-03-09 13:22:11 +01:00
Martti T
d6127fe316
Rework timeout middleware to use http.TimeoutHandler implementation (fix #1761) (#1801) 2021-03-08 02:13:22 +01:00
Martti T
5622ecc180
Fix performance regression caused by path escaping (#1777, #1798, #1799)
* Fix performance regression #1777 and avoid double escaping in rewrite/proxy middleware.
* Add rewrite test for correct escaping of replacement (#1798)

Co-authored-by: Roland Lammel <rl@neotel.at>
2021-03-08 02:01:02 +01:00
Seena Fallah
cffd3efa91
Avoid context canceled errors (#1789)
* Avoid context canceled errors

Return 499 Client Closed Request when the client has closed the request before the server could send a response

Signed-off-by: Seena Fallah <seenafallah@gmail.com>
2021-03-07 21:27:01 +02:00
toimtoimtoim
b2444d8399 Fix #1794: panics in timeout middleware are not recovered and cause application to crash 2021-03-02 20:41:29 +02:00
Leo Takaoka
d9e235416d
apply go fmt (#1788) 2021-02-26 23:55:00 +02:00
RaviKiran K
45870c75c3
Uses strings.Equalfold (#1790)
Changes case insensitive string comparisons to string.EqualFold which performs better than strings.Lower(str) == str comparison
2021-02-26 23:52:32 +02:00
Shubhendra Singh Chauhan
6a666acd5c
improve code quality (#1792)
* Merge variable declaration with assignment
* Fix unnecessary typecasting on `bytes.Buffer`
* Remove unnecessary wrapping of function call
2021-02-26 12:04:34 +02:00
Martti T
f09f2bd14e
Fix open redirect vulnerability with AddTrailingSlashWithConfig and RemoveTrailingSlashWithConfig (#1775,#1771)
* fix open redirect vulnerability with AddTrailingSlashWithConfig and RemoveTrailingSlashWithConfig (fix #1771)
* rename trimMultipleSlashes to sanitizeURI
2021-02-11 14:53:22 +01:00
Roland Lammel
932976ded6
Support real regex rules for rewrite and proxy middleware (#1767)
Support real regex rules for rewrite and proxy middleware (use non-greedy matching by default)

Co-authored-by: pwli <lipw0755@gmail.com>
2021-02-08 16:58:55 +02:00
Benjamin Chibuzor-Orie
7c8592a7e0
adds middleware for rate limiting (#1724)
* adds middleware for rate limiting

* added comment for InMemoryStore ShouldAllow

* removed redundant mutex declaration

* fixed lint issues

* removed sleep from tests

* improved coverage

* refactor: renames Identifiers, includes default SourceFunc

* Added last seen stats for visitor

* uses http Constants for improved readdability
adds default error handler

* used other handler apart from default handler to mark custom error handler for rate limiting

* split tests into separate blocks
added an error pair to IdentifierExtractor
Includes deny handler for explicitly denying requests

* adds comments for exported members Extractor and ErrorHandler

* makes cleanup implementation inhouse

* Avoid race for cleanup due to non-atomic access to store.expiresIn

* Use a dedicated producer for rate testing

* tidy commit

* refactors tests, implicitly tests lastSeen property on visitor
switches NewRateLimiterMemoryStore constructor to Referential Functions style (Advised by @pafuent)

* switches to mock of time module for time based tests
tests are now fully deterministic

* improved coverage

* replaces Rob Pike referential options with more conventional struct configs
makes cleanup asynchronous

* blocks racy access to lastCleanup

* Add benchmark tests for rate limiter

* Add rate limiter with sharded memory store

* Racy access to store.lastCleanup eliminated
Merges in shiny sharded map implementation by @lammel

* Remove RateLimiterShradedMemoryStore for now

* Make fields for RateLimiterStoreConfig public for external configuration

* Improve docs for RateLimiter usage

* Fix ErrorHandler vs. DenyHandler usage for rate limiter

* Simplify NewRateLimiterMemoryStore

* improved coverage

* updated errorHandler and denyHandler to use echo.HTTPError

* Improve wording for error and comments

* Remove duplicate lastSeen marking for Allow

* Improve wording for comments

* Add disclaimer on perf characteristics of memory store

* changes Allow signature on rate limiter to return err too

Co-authored-by: Roland Lammel <rl@neotel.at>
2021-01-15 17:53:15 -03:00
Ilija Matoski
67263b5e45
Timeout middleware implementation for go1.13+ (#1743)
Co-authored-by: Ilija Matoski <imatoski@schubergphilis.com>
2021-01-05 11:14:51 +01:00
Roland Lammel
c7c792d3bd Fix CSRF tests for Go 1.12 2021-01-03 01:45:58 +01:00
Roland Lammel
36f524ede8 Merge branch 'master' of github.com:labstack/echo 2021-01-03 01:20:24 +01:00
Roland Lammel
4310e90d58 Support Go 1.12 for http.SameSiteNoneMode 2021-01-03 01:09:18 +01:00
Roland Lammel
716eb18329
Handle static routes with trailing slash (#1747)
- Fix Static file route not working without trailing slash
- Add tests for static middleware with/without trailing slash
- Add tests for static middleware under group

Co-authored-by: pwli <lipw0755@gmail.com>
2021-01-03 00:25:29 +01:00
toimtoimtoim
21f7787202 refactor static middleware tests not to use previous case state 2020-12-29 23:54:29 +02:00
Vadim Sabirov
08073575f8 Merge branch 'master' of https://github.com/labstack/echo 2020-12-18 14:39:23 +03:00
Roland Lammel
4422e3b66b
Merge pull request #1718 from little-cui/master
Fix static directory traversal security vulnerability for Windows
2020-12-15 16:31:52 +01:00
little-cui
1beaf09740 Bug Fix: Directory Traversal 2020-12-15 21:54:11 +08:00
iambenkay
1c720597bb adds test for request id
- remain unchanged if provided
2020-12-14 19:06:25 +01:00
Vadim Sabirov
53b38de143 Merge branch 'master' of https://github.com/labstack/echo 2020-12-11 12:34:52 +03:00
Roland Lammel
194129d070
Merge pull request #1699 from pafuent/improve_decompress_middleware
Adding sync.Pool to Decompress middleware
2020-12-11 10:09:41 +01:00
Roland Lammel
6a266b8539
Merge pull request #1704 from rkfg/jwt-form
Support form fields in jwt middleware
2020-12-06 15:42:52 +01:00
Vadim Sabirov
dc147d9b97 Fix #1523 by adding secure cookie if SameSite mode is None 2020-12-03 10:21:31 +03:00
Vadim Sabirov
cb15226984 Merge branch 'master' of https://github.com/labstack/echo 2020-12-03 09:43:47 +03:00
Nenad Lukic
571661692f Uses filepath.Join instead of hardcoded separator for static middleware test 2020-12-01 09:03:00 +01:00
rkfg
2152e4e872 Support form fields in jwt middleware 2020-12-01 09:51:20 +03:00
Nenad Lukic
3206527cfe Adds IgnoreBase parameter to static middleware
Adds IgnoreBase parameter to static middleware to support the use case of nested route groups
2020-11-30 19:06:00 +01:00
Pablo Andres Fuente
2386e17b21 Increasing Decompress Middleware coverage 2020-11-28 02:03:54 +00:00
Pablo Andres Fuente
14e020bc07 Adding sync.Pool to Decompress middleware
Fixing a http.Request.Body leak on the decompress middleware that were
not properly Close
Removing the defer on the call to gzip.Reader, because that reader is
already exausted after the call to io.Copy
2020-11-27 03:01:04 +00:00
Pierre Rousset
e6f24aa8b1 Addressed PR feedback 2020-11-24 16:25:49 +09:00
Pierre Rousset
26ab188922 CORS: add an optional custom function to validate the origin 2020-11-24 16:24:17 +09:00
Roland Lammel
90bef88e1a
Merge pull request #1669 from ulasakdeniz/fix-incorrect-cors-headers
Fix empty/incorrect CORS headers
2020-11-20 11:54:01 +01:00
Arun Gopalpuri
b47042f385 adding decompress gzipped request middleware 2020-11-20 00:51:24 -08:00
Pablo Andres Fuente
ac54e132e4 Adding sync.Pool to Compress Middleware
Adding a sync.Pool for the *gzip.Writer reduces the allocations of the
Compress middleware in 50% and gives an increase on execution speed of
a 85%
This fix #1643
2020-11-07 03:52:35 +00:00
Ulas Akdeniz
871ed9c68d Fix incorrect CORS headers
- Fix empty Access-Control-Allow-Origin
- Set CORS headers only if request Origin is existing and allowed
- Increase middleware test coverage
2020-11-06 03:10:16 +01:00
Arun Gopalpuri
f6dfcbe774 bugfix proxy and rewrite, updated test with actual call settings 2020-09-16 19:29:22 -07:00
yonbiaoxiao
5c5c83d290 change the hardcode for http constant 2020-09-14 10:23:54 +08:00
Roland Lammel
28ec3f7bdb
Merge pull request #1627 from juanbelieni/master
Create ErrJWTInvalid to allow modify error when JWT is invalid
2020-09-01 16:10:16 +02:00
Roland Lammel
2d79ff3d6c
Merge pull request #1628 from arun0009/master
set raw path and path in proxy, so url.EscapePath uses raw path
2020-09-01 16:03:30 +02:00
Roland Lammel
cf2fcad01b
Merge pull request #1588 from choyri/bugfix/rewrite
Fixes the uses of caret(^) in rewrite regex
2020-09-01 13:22:01 +02:00
Roland Lammel
bcb316500e
Merge pull request #1623 from KlotzAndrew/cors_regex
cors allow regex pattern
2020-09-01 13:20:23 +02:00
Arun Gopalpuri
1a6ec73e57 using url.EscapedPath instead of custom GetPath, rewritePath func added to middleware - used by proxy and rewrite 2020-08-31 13:09:24 -07:00
Peter C
6463bcb190
added ModifyResponse option to ProxyConfig (#1622)
Co-authored-by: Peter C <petoc@users.noreply.github.com>
2020-08-27 17:51:27 -07:00
Juan Belieni
09f36b585d Create ErrJWTInvalid variable 2020-08-27 19:35:45 -03:00
Andrew Klotz
9a28fb8608
cors allow regex pattern
enable cors to use regex pattern for allowed origins

implementation is similar to another popular cors
middleware: https://github.com/astaxie/beego/blob/master/plugins/cors/cors.go#L196-L201
2020-08-19 03:17:12 +00:00
Shinnosuke Sawada
8dd25c39ce
make gzipResponseWriter implement http.Pusher (#1615) 2020-08-03 17:58:08 -07:00
chotow
3dbd5dcf6e
Fixes the uses of caret(^) at the beginning of the rewrite regex 2020-07-24 23:37:01 +08:00
chotow
68e8bce645
Revert "Fixes the uses of caret(^) in rewrite regex"
This reverts commit 1f51469436e3612e8e121413df905dc9f4ffed0b.
2020-07-24 23:37:01 +08:00
chotow
84da507a2e
Fixes the uses of caret(^) in rewrite regex 2020-07-24 23:37:01 +08:00
Masahiro Furudate
e125b2cf84
Fix recover print stack trace log level (#1604)
* Fix recover print stack trace log level

* Add recover log level test

* Add default LogLevel to DefaultRecoverConfig
2020-07-06 07:59:42 -07:00
Arun Gopalpuri
2207c37bf8
use echo.GetPath for rewrite in proxy (#1548)
Co-authored-by: Arun Gopalpuri <arun@gopalpuri.com>
2020-04-08 08:19:22 -07:00
178inaba
269dfcc9dd
Set maxParam with SetParamNames (#1535)
* Set maxParam with SetParamNames

Fixes #1492

* Revert go.mod
2020-03-30 12:28:07 -07:00
Leaf
542835808e
Quote regex meta characters in Rewrite (#1541)
Currently there is a half and half situation where the user can't use regex (fully) because * will be replaced with (.*), yet they also can't just enter any old string, because meta chars like . would need escaping.

e.g. currently *.html wouldn't work as intended, and instead *\.html should be used.

Work around this by using regexp's QuoteMeta function to sanitise the input before handling it.
2020-03-28 17:12:39 -07:00
Vadim Sabirov
8b2c77b107 Fix #1523 by adding SameSite mode for CSRF settings 2020-03-04 18:14:23 +03:00
Shinichi TAMURA
7c5af01350
Safer/trustable extraction of real ip from request (#1478)
* Safer/trustable extraction of real ip from request

* Fix x-real-ip handling on proxy

* fix docs

* fix default check
2020-02-24 08:29:34 -08:00
Dmitry Kutakov
712b5e46c5 format code (gofmt + trim trailing space) (#1452) 2020-01-25 09:48:53 -08:00
J. David Lowe
8d7f05e533 round-trip paramValues without exploding (#1463) 2020-01-23 18:32:17 -08:00