1
0
mirror of https://github.com/labstack/echo.git synced 2024-12-26 20:54:00 +02:00
Commit Graph

1533 Commits

Author SHA1 Message Date
toimtoimtoim
1ac4a8f3d0 Adds JWTConfig.ParseTokenFunc to JWT middleware to allow different libraries implementing JWT parsing. 2021-06-13 20:33:08 +03:00
Oleksandr Savchenko
fdacff0d93 Split XFF header only by comma 2021-06-02 21:42:27 +03:00
harukitosa
1c24ab8c2b fix rateLimiteDoc 2021-06-02 21:22:17 +03:00
Kaan Karakaya
379bdeaa1e docs: Added comment about TokenLookup
Signed-off-by: Kaan Karakaya <yusufkaan142@gmail.com>
2021-06-01 07:53:32 +03:00
Alexander Pochill
7846e3fa6b
feat: Bind data using headers as source (#1866)
Currently, echo supports binding data from query, path or body.
Sometimes we need to read bind data from headers. It would be nice to
automatically bind those using the `bindData` func, which is already
well prepared to accept `http.Header`.

I didn't add this to the `Bind` func, so this will not happen
automatically. Main reason is backwards compatability. It might be
confusing if variables are bound from headers when upgrading, and might
even have become a security issue as pointed out in #1670.

* Add docs for BindHeaders
* Add test for BindHeader with invalid data type
2021-05-25 14:50:49 +02:00
toimtoimtoim
2acb24adb0 Update version and changelog for 4.3.0 2021-05-08 23:39:25 +03:00
lipengwei
1aef300cf4 explicitly return an error instead of hiding it 2021-05-08 22:50:31 +03:00
lipengwei
18d7fe11df Fix #1858: Add query params binding support for anonymous struct pointer filed 2021-05-08 22:50:31 +03:00
Voltboy
2943a32005 restore originalWriter in case of panic inside echoHandlerFuncWrapper.ServeHTTP method 2021-05-08 22:37:57 +03:00
Lukas Dietrich
b643e6834e
Fix #1787: Add support for optional filesystem to the static middleware (#1797)
* Add optional filesystem to static middleware.
2021-05-08 22:33:17 +03:00
Kaan Karakaya
de3f87eb23
Jwt lookup from multiple sources (#1845)
* Jwt lookup from multiple sources
2021-05-08 22:30:06 +03:00
王瑞华
7256cb2274
add a custom error handler to key-auth middleware (#1847)
* add a custom error handler to key-auth middleware
2021-05-08 22:25:11 +03:00
antonindrawan
76f186ad3b
feat(jwt): make KeyFunc public in JWT middleware (#1756)
* feat(jwt): make KeyFunc public in JWT middleware

It allows a user-defined function to supply the key for a token
verification.
2021-05-08 22:19:24 +03:00
Martti T
643066594d
Fix router not matching param route with trailing slash and implement matching by path+method (#1812)
* when url ends with slash first param route is the match (fix #1804)
* router should check if method is suitable for matching route and if not then continue search in tree (fix #1808)
2021-04-27 09:55:31 +02:00
Vishal Rana
3b07058a1d
Create LICENSE 2021-04-17 12:47:48 -07:00
Martti T
a4ab482b60
Add Go 1.16 to CI and drop 1.12 specific code (#1850)
* Correct incorrect years in CHANGELOG.md
* CI tests with last 4 versions. Remove 1.12 and below specific code
* Rename proxy test
2021-04-16 11:38:12 +02:00
Martti T
bb7f2223bb
Update and tidy dependencies (#1841) 2021-04-09 09:14:23 +02:00
Martti T
8da8e16138
Update version and changelog for 4.2.2 (#1838) 2021-04-07 22:45:14 +03:00
Martti T
10d8c53d55
Fix timeout middleware docs (fixes #1816) (#1836) 2021-04-06 09:12:00 +02:00
Martti T
ae4665cf7a
Fix panic in redirect middleware on short host name (fix #1811) (#1813) 2021-04-06 09:11:31 +02:00
Martti T
67f6346df2
Fix Bind() when target is array/slice and path/query params complain target not being struct (#1835)
For path/query params binding we do not try (silently return) to bind when target is not struct.
Recreates PR #1574 and fixes #1565
2021-04-06 09:05:33 +02:00
Martti T
dec96f0312
fix timeout middleware not sending status code when handler returns an error (fix #1804) (#1805) 2021-03-12 12:49:09 +01:00
Martti T
4c2fd1fb04
Allow proxy middleware to use query part in rewrite (fix #1798) (#1802) 2021-03-09 13:22:11 +01:00
Roland Lammel
a97052edaf Update version to v4.2.1 2021-03-08 02:33:04 +01:00
Martti T
d6127fe316
Rework timeout middleware to use http.TimeoutHandler implementation (fix #1761) (#1801) 2021-03-08 02:13:22 +01:00
Martti T
5622ecc180
Fix performance regression caused by path escaping (#1777, #1798, #1799)
* Fix performance regression #1777 and avoid double escaping in rewrite/proxy middleware.
* Add rewrite test for correct escaping of replacement (#1798)

Co-authored-by: Roland Lammel <rl@neotel.at>
2021-03-08 02:01:02 +01:00
Seena Fallah
cffd3efa91
Avoid context canceled errors (#1789)
* Avoid context canceled errors

Return 499 Client Closed Request when the client has closed the request before the server could send a response

Signed-off-by: Seena Fallah <seenafallah@gmail.com>
2021-03-07 21:27:01 +02:00
Martti T
664cf8c106
Refactor router for readability (#1796)
* refactor router tests to table driven (this way it is easier to debug test cases with breakpoints)
* refactor router variables to be more readable
2021-03-06 00:43:59 +01:00
Martti T
6f9b71cd6f
Poc router stack backtracking (#1791)
Router: PoC stack based backtracking

Co-authored-by: stffabi <stffabi@users.noreply.github.com>
2021-03-02 20:56:40 +02:00
toimtoimtoim
b2444d8399 Fix #1794: panics in timeout middleware are not recovered and cause application to crash 2021-03-02 20:41:29 +02:00
Martti T
c79ffed7ce
Fix Echo.Serve() will not serve on HTTP port correctly when there is already TLSListener set to Echo instance. (#1785) (#1793) 2021-02-28 19:13:04 +01:00
Leo Takaoka
d9e235416d
apply go fmt (#1788) 2021-02-26 23:55:00 +02:00
RaviKiran K
45870c75c3
Uses strings.Equalfold (#1790)
Changes case insensitive string comparisons to string.EqualFold which performs better than strings.Lower(str) == str comparison
2021-02-26 23:52:32 +02:00
Shubhendra Singh Chauhan
6a666acd5c
improve code quality (#1792)
* Merge variable declaration with assignment
* Fix unnecessary typecasting on `bytes.Buffer`
* Remove unnecessary wrapping of function call
2021-02-26 12:04:34 +02:00
Roland Lammel
b0f56eaf96 Update version to v4.2.0 2021-02-11 19:35:16 +01:00
Roland Lammel
a170896c42
Add CHANGELOG.md for historic tracking of changes (#1764) 2021-02-11 14:54:06 +01:00
Martti T
f09f2bd14e
Fix open redirect vulnerability with AddTrailingSlashWithConfig and RemoveTrailingSlashWithConfig (#1775,#1771)
* fix open redirect vulnerability with AddTrailingSlashWithConfig and RemoveTrailingSlashWithConfig (fix #1771)
* rename trimMultipleSlashes to sanitizeURI
2021-02-11 14:53:22 +01:00
Roland Lammel
932976ded6
Support real regex rules for rewrite and proxy middleware (#1767)
Support real regex rules for rewrite and proxy middleware (use non-greedy matching by default)

Co-authored-by: pwli <lipw0755@gmail.com>
2021-02-08 16:58:55 +02:00
Benjamin Chibuzor-Orie
7c8592a7e0
adds middleware for rate limiting (#1724)
* adds middleware for rate limiting

* added comment for InMemoryStore ShouldAllow

* removed redundant mutex declaration

* fixed lint issues

* removed sleep from tests

* improved coverage

* refactor: renames Identifiers, includes default SourceFunc

* Added last seen stats for visitor

* uses http Constants for improved readdability
adds default error handler

* used other handler apart from default handler to mark custom error handler for rate limiting

* split tests into separate blocks
added an error pair to IdentifierExtractor
Includes deny handler for explicitly denying requests

* adds comments for exported members Extractor and ErrorHandler

* makes cleanup implementation inhouse

* Avoid race for cleanup due to non-atomic access to store.expiresIn

* Use a dedicated producer for rate testing

* tidy commit

* refactors tests, implicitly tests lastSeen property on visitor
switches NewRateLimiterMemoryStore constructor to Referential Functions style (Advised by @pafuent)

* switches to mock of time module for time based tests
tests are now fully deterministic

* improved coverage

* replaces Rob Pike referential options with more conventional struct configs
makes cleanup asynchronous

* blocks racy access to lastCleanup

* Add benchmark tests for rate limiter

* Add rate limiter with sharded memory store

* Racy access to store.lastCleanup eliminated
Merges in shiny sharded map implementation by @lammel

* Remove RateLimiterShradedMemoryStore for now

* Make fields for RateLimiterStoreConfig public for external configuration

* Improve docs for RateLimiter usage

* Fix ErrorHandler vs. DenyHandler usage for rate limiter

* Simplify NewRateLimiterMemoryStore

* improved coverage

* updated errorHandler and denyHandler to use echo.HTTPError

* Improve wording for error and comments

* Remove duplicate lastSeen marking for Allow

* Improve wording for comments

* Add disclaimer on perf characteristics of memory store

* changes Allow signature on rate limiter to return err too

Co-authored-by: Roland Lammel <rl@neotel.at>
2021-01-15 17:53:15 -03:00
Martti T
9b0e63046b
Fluent Binder for Query/Path/Form binding (#1717) (#1736)
* Fluent Binder for Query/Path/Form binding.
* CI: report coverage for latest go (1.15) version
* improve docs, remove uncommented code
* separate unixtime with sec and nanosec precision binding
2021-01-08 00:43:38 +01:00
Ilija Matoski
67263b5e45
Timeout middleware implementation for go1.13+ (#1743)
Co-authored-by: Ilija Matoski <imatoski@schubergphilis.com>
2021-01-05 11:14:51 +01:00
Martti T
02ed3f3126
Fix #1729 Binding query/path params and form fields to struct only works for explicit tags (#1734)
* Binding query/path params and form fields to struct only works for fields that have explicit TAG defined on struct
* remove unnecessary benchmark after change because it is not valid test anymore
2021-01-05 11:04:24 +01:00
Vishal Rana
f718079658
Update README.md 2021-01-03 11:09:17 -08:00
stffabi
a9df83037d
Do not handle special trailing slash case for partial prefix (#1741)
* Add tests for issue #1739
* Handle special trailing slash case only for a matching prefix

Only handle the special trailing slash case if the whole prefix matches to avoid matching   
a wrong route for overlapping prefixes, e.g. /users/* for the path /users_prefix/ where
the route is only a partial prefix of the requested path.
2021-01-03 19:35:00 +01:00
Roland Lammel
c7c792d3bd Fix CSRF tests for Go 1.12 2021-01-03 01:45:58 +01:00
Roland Lammel
36f524ede8 Merge branch 'master' of github.com:labstack/echo 2021-01-03 01:20:24 +01:00
Roland Lammel
fc96d822eb Merge SameSite mode for CSRF (PR #1524) from 'pr0head/master' 2021-01-03 01:18:45 +01:00
Roland Lammel
4310e90d58 Support Go 1.12 for http.SameSiteNoneMode 2021-01-03 01:09:18 +01:00
Roland Lammel
716eb18329
Handle static routes with trailing slash (#1747)
- Fix Static file route not working without trailing slash
- Add tests for static middleware with/without trailing slash
- Add tests for static middleware under group

Co-authored-by: pwli <lipw0755@gmail.com>
2021-01-03 00:25:29 +01:00
Roland Lammel
0bdb45c583
Merge pull request #1740 from aldas/issue_1720_add_static_middleware_tests
refactor static middleware tests not to use previous case state (#1720)
2021-01-01 18:23:53 +01:00