toimtoimtoim
0ac4d74402
Fix #2259 open redirect vulnerability in echo.StaticDirectoryHandler (used by e.Static, e.StaticFs etc)
...
remove pre Go1.16 and after differences
2022-09-04 22:50:54 +03:00
Mojtaba Arezoumand
d77e8c09b2
Added ErrorHandler and ErrorHandlerWithContext in CSRF middleware ( #2257 )
...
* feat: add error handler to csrf middleware
Co-authored-by: Mojtaba Arezoomand <mojtaba.arezoomand@snapp.cab>
2022-09-01 10:51:55 +03:00
Daniel Price
a9879ffa6b
Middlewares should use errors.As() instead of type assertion on HTTPError
...
- Helps consumers who want to wrap HTTPError, and other use cases
2022-07-21 21:24:18 +03:00
moznion
ddb66e1ba2
Add logger middleware template variables: ${time_unix_milli}
and ${time_unix_micro}
( #2206 )
...
This patch introduces two template variables `${time_unix_milli}` and
`${time_unix_micro}` into the logger middleware.
Currently, there is no way to interpolate that UNIX milli and micro
seconds timestamp in a log entry, and go 1.17 or later runtime supports
the utility functions `time#UnixMilli()` and `time#UnixMicro()`
so this patch adds them as well.
see also: https://github.com/golang/go/issues/44196
Signed-off-by: moznion <moznion@mail.moznion.net>
2022-07-05 07:57:39 +03:00
welling guzmán
b0453b98e0
fix: basic auth invalid base64 string ( #2191 )
...
* fix: basic auth returns 400 on invalid base64 string
2022-05-27 19:44:51 +03:00
Martti T
d5f883707b
Timeout mw: rework how test waits for timeout. Using sleep as delay i… ( #2187 )
...
* Timeout mw: rework how test waits for timeout. Using sleep as delay is problematic when CI worker is slower than usual.
2022-05-22 00:21:50 +03:00
toimtoimtoim
28797c761d
Timeout mw: fix datarace in tests when we are getting data from buffer (in test) and writing to logger at the same time.
2022-05-21 22:26:56 +03:00
toimtoimtoim
2e02ce3dd8
Timeout mw: fix datarace in tests when we are getting data from buffer. Run each test in their own server so multiple tests cases will not cause datarace getting data out of logger buffer.
2022-05-21 20:12:32 +03:00
gemaizi
572466d928
Fix body_limit middleware unit test
2022-04-05 20:34:49 +03:00
toimtoimtoim
1919cf4491
Timeout middleware write race
2022-03-16 08:09:29 +02:00
Martti T
01d7d01bbc
Fix CSRF middleware not being able to extract token from multipart/form-data
form ( #2136 , fixes #2135 )
2022-03-16 00:43:20 +01:00
Becir Basic
5c38c3b770
Recover middleware should not log panic for aborted handler ( #2134 , fixes #2133 )
...
Co-authored-by: Becir Basic <bb@neotel.at>
2022-03-16 00:29:42 +01:00
Martti T
4a1ccdfdc5
JWT, KeyAuth, CSRF multivalue extractors ( #2060 )
...
* CSRF, JWT, KeyAuth middleware support for multivalue value extractors
* Add flag to JWT and KeyAuth middleware to allow continuing execution `next(c)` when error handler decides to swallow the error (returns nil).
2022-01-24 22:03:45 +02:00
ant1k9
7c41b93f0c
Add LogErrorFunc to recover middleware ( #2072 )
...
LogErrorFunc provides more general interface to handle errors in the recover middleware.
2022-01-24 11:23:41 +01:00
toimtoimtoim
6f6befe555
improve docs
2022-01-03 21:04:17 +02:00
toimtoimtoim
5b26a5257b
Allow
header support in Router, MethodNotFoundHandler (405) and CORS middleware
2022-01-03 21:04:17 +02:00
Rashad Ansari
4fffee2ec8
Add custom jwt extractor to jwt config
2021-12-20 21:41:59 +02:00
Nao Yonashiro
7bde9aea06
Fixed a problem that returned wrong content-encoding when the gzip compressed content was empty ( #1921 )
...
Fixed a problem that returned wrong content-encoding when the gzip compressed content was empty
2021-12-15 10:15:13 +02:00
Guilherme Cardoso
c32fafad68
Add support for configurable target header for the request_id middleware
2021-12-07 21:34:16 +02:00
David Desmarais-Michaud
b437ee3879
stream decompression instead of buffering ( #2018 )
...
* stream decompression instead of buffering
* simple body replace with gzip reader with deferred close
* defer resource closes
* simply gzip.Reader pool
2021-12-03 11:03:42 +01:00
Luka Jajanidze
902c553552
Added comments for RateLimiterMemoryStoreConfig and RateLimiterMemoryStore
2021-11-21 18:22:14 +02:00
Luka Jajanidze
3f099663f1
removed unnecessary comments
2021-11-21 18:22:14 +02:00
Luka Jajanidze
bd29ef9e46
added references to Limiter docs for 0-1 behaviour
2021-11-21 18:22:14 +02:00
Kaan Karakaya
d604704563
Fix rate limiter example
...
time.Minutes is doesn't exist
2021-10-15 21:08:11 +03:00
Martti T
a2e6ca7ed6
Add start time to request logger middleware values ( #1991 )
2021-09-23 23:17:09 +03:00
Martti T
1e7e67cddb
Added request logger middleware which helps to use custom logger library for logging requests ( #1980 )
...
Added request logger middleware which helps to use custom logger library for logging requests.
2021-09-14 20:57:47 +03:00
pwli
7f502b1ff1
try to fix #1905 and add some notes ( #1947 )
...
* fix 1905 and add some notes
(cherry picked from commit 9d96199e2dbb6d4374b5a8b6e16fdc0b0d7cb3a7)
* fix typo
(cherry picked from commit e8ea1bcabb6cdb50b06e1ec0e7c3cce44287d8b7)
* Add tests for timeout middleware with full http.Server stack running.
Add warning about middleware
* Fix example
Co-authored-by: lipengwei <lipengwei@uniontech.com>
Co-authored-by: toimtoimtoim <desinformatsioon@gmail.com>
2021-08-22 20:25:09 +03:00
Philipp Thun
499097e061
Ignore case of auth scheme in request header
...
Some clients send an authorization header containing the "bearer"
keyword in lower case. This led to echo responding with "missing or
malformed jwt".
Request.BasicAuth (net/http) ignores the basic auth scheme's case since
a while: https://go-review.googlesource.com/c/go/+/111516/
2021-08-10 20:32:01 +03:00
Kaushal Rohit
fcda0e8840
Add Cookie to KeyAuth middleware's KeyLookup
2021-08-02 22:44:59 +03:00
toimtoimtoim
647af2acec
JWT middleware has been changed from github.com/dgrijalva/jwt-go
to github.com/golang-jwt/jwt` due former library being unmaintained and having security
...
issues.
NOTE: `golang-jwt/jwt` now only supports last 2 Go releases. So 1.15+
For detailed information please read https://github.com/labstack/echo/discussions/1940
2021-08-01 23:20:08 +03:00
Pablo Andres Fuente
02de901d7e
Fixing Timeout middleware Context propagation ( #1910 )
...
This will let middlewares/handler later on the chain to properly handle
the Timeout middleware Context cancellation.
Fixes #1909
2021-07-09 23:36:03 -03:00
zacscoding
fd7a8a97ac
Adds RequestIDHandler function to RequestID middleware
2021-07-05 21:12:17 +03:00
toimtoimtoim
1ac4a8f3d0
Adds JWTConfig.ParseTokenFunc to JWT middleware to allow different libraries implementing JWT parsing.
2021-06-13 20:33:08 +03:00
harukitosa
1c24ab8c2b
fix rateLimiteDoc
2021-06-02 21:22:17 +03:00
Kaan Karakaya
379bdeaa1e
docs: Added comment about TokenLookup
...
Signed-off-by: Kaan Karakaya <yusufkaan142@gmail.com>
2021-06-01 07:53:32 +03:00
Voltboy
2943a32005
restore originalWriter in case of panic inside echoHandlerFuncWrapper.ServeHTTP method
2021-05-08 22:37:57 +03:00
Lukas Dietrich
b643e6834e
Fix #1787 : Add support for optional filesystem to the static middleware ( #1797 )
...
* Add optional filesystem to static middleware.
2021-05-08 22:33:17 +03:00
Kaan Karakaya
de3f87eb23
Jwt lookup from multiple sources ( #1845 )
...
* Jwt lookup from multiple sources
2021-05-08 22:30:06 +03:00
王瑞华
7256cb2274
add a custom error handler to key-auth middleware ( #1847 )
...
* add a custom error handler to key-auth middleware
2021-05-08 22:25:11 +03:00
antonindrawan
76f186ad3b
feat(jwt): make KeyFunc public in JWT middleware ( #1756 )
...
* feat(jwt): make KeyFunc public in JWT middleware
It allows a user-defined function to supply the key for a token
verification.
2021-05-08 22:19:24 +03:00
Martti T
a4ab482b60
Add Go 1.16 to CI and drop 1.12 specific code ( #1850 )
...
* Correct incorrect years in CHANGELOG.md
* CI tests with last 4 versions. Remove 1.12 and below specific code
* Rename proxy test
2021-04-16 11:38:12 +02:00
Martti T
10d8c53d55
Fix timeout middleware docs ( fixes #1816 ) ( #1836 )
2021-04-06 09:12:00 +02:00
Martti T
ae4665cf7a
Fix panic in redirect middleware on short host name ( fix #1811 ) ( #1813 )
2021-04-06 09:11:31 +02:00
Martti T
dec96f0312
fix timeout middleware not sending status code when handler returns an error ( fix #1804 ) ( #1805 )
2021-03-12 12:49:09 +01:00
Martti T
4c2fd1fb04
Allow proxy middleware to use query part in rewrite ( fix #1798 ) ( #1802 )
2021-03-09 13:22:11 +01:00
Martti T
d6127fe316
Rework timeout middleware to use http.TimeoutHandler implementation ( fix #1761 ) ( #1801 )
2021-03-08 02:13:22 +01:00
Martti T
5622ecc180
Fix performance regression caused by path escaping ( #1777 , #1798 , #1799 )
...
* Fix performance regression #1777 and avoid double escaping in rewrite/proxy middleware.
* Add rewrite test for correct escaping of replacement (#1798 )
Co-authored-by: Roland Lammel <rl@neotel.at>
2021-03-08 02:01:02 +01:00
Seena Fallah
cffd3efa91
Avoid context canceled errors ( #1789 )
...
* Avoid context canceled errors
Return 499 Client Closed Request when the client has closed the request before the server could send a response
Signed-off-by: Seena Fallah <seenafallah@gmail.com>
2021-03-07 21:27:01 +02:00
toimtoimtoim
b2444d8399
Fix #1794 : panics in timeout middleware are not recovered and cause application to crash
2021-03-02 20:41:29 +02:00
Leo Takaoka
d9e235416d
apply go fmt ( #1788 )
2021-02-26 23:55:00 +02:00