1
0
mirror of https://github.com/labstack/echo.git synced 2024-12-24 20:14:31 +02:00
Commit Graph

1593 Commits

Author SHA1 Message Date
Mohammad Alian
7d41537e70 return first if response is already committed in DefaultHTTPErrorHandler 2021-08-12 22:12:39 +03:00
Philipp Thun
499097e061 Ignore case of auth scheme in request header
Some clients send an authorization header containing the "bearer"
keyword in lower case. This led to echo responding with "missing or
malformed jwt".

Request.BasicAuth (net/http) ignores the basic auth scheme's case since
a while: https://go-review.googlesource.com/c/go/+/111516/
2021-08-10 20:32:01 +03:00
Kaushal Rohit
fcda0e8840 Add Cookie to KeyAuth middleware's KeyLookup 2021-08-02 22:44:59 +03:00
toimtoimtoim
5b8fa6979f Update version and changelog for 4.5.0 2021-08-01 23:20:08 +03:00
toimtoimtoim
647af2acec JWT middleware has been changed from github.com/dgrijalva/jwt-go to github.com/golang-jwt/jwt` due former library being unmaintained and having security
issues.
NOTE: `golang-jwt/jwt` now only supports last 2 Go releases. So 1.15+
For detailed information please read https://github.com/labstack/echo/discussions/1940
2021-08-01 23:20:08 +03:00
Martti T
58366f93e6
Update version and changelog for 4.4.0 (#1919) 2021-07-12 22:35:47 +03:00
Pablo Andres Fuente
02de901d7e
Fixing Timeout middleware Context propagation (#1910)
This will let middlewares/handler later on the chain to properly handle
the Timeout middleware Context cancellation.

Fixes #1909
2021-07-09 23:36:03 -03:00
Hosh
5e791b0787
Allow for custom JSON encoding implementations (#1880)
* Allow for custom JSON encoding implementations

Co-authored-by: toimtoimtoim <desinformatsioon@gmail.com>
2021-07-05 22:33:19 +03:00
zacscoding
fd7a8a97ac Adds RequestIDHandler function to RequestID middleware 2021-07-05 21:12:17 +03:00
Pablo Andres Fuente
f20820c003
Adding tests for Echo#Host (#1895) 2021-06-25 17:56:07 -03:00
toimtoimtoim
1ac4a8f3d0 Adds JWTConfig.ParseTokenFunc to JWT middleware to allow different libraries implementing JWT parsing. 2021-06-13 20:33:08 +03:00
Oleksandr Savchenko
fdacff0d93 Split XFF header only by comma 2021-06-02 21:42:27 +03:00
harukitosa
1c24ab8c2b fix rateLimiteDoc 2021-06-02 21:22:17 +03:00
Kaan Karakaya
379bdeaa1e docs: Added comment about TokenLookup
Signed-off-by: Kaan Karakaya <yusufkaan142@gmail.com>
2021-06-01 07:53:32 +03:00
Alexander Pochill
7846e3fa6b
feat: Bind data using headers as source (#1866)
Currently, echo supports binding data from query, path or body.
Sometimes we need to read bind data from headers. It would be nice to
automatically bind those using the `bindData` func, which is already
well prepared to accept `http.Header`.

I didn't add this to the `Bind` func, so this will not happen
automatically. Main reason is backwards compatability. It might be
confusing if variables are bound from headers when upgrading, and might
even have become a security issue as pointed out in #1670.

* Add docs for BindHeaders
* Add test for BindHeader with invalid data type
2021-05-25 14:50:49 +02:00
toimtoimtoim
2acb24adb0 Update version and changelog for 4.3.0 2021-05-08 23:39:25 +03:00
lipengwei
1aef300cf4 explicitly return an error instead of hiding it 2021-05-08 22:50:31 +03:00
lipengwei
18d7fe11df Fix #1858: Add query params binding support for anonymous struct pointer filed 2021-05-08 22:50:31 +03:00
Voltboy
2943a32005 restore originalWriter in case of panic inside echoHandlerFuncWrapper.ServeHTTP method 2021-05-08 22:37:57 +03:00
Lukas Dietrich
b643e6834e
Fix #1787: Add support for optional filesystem to the static middleware (#1797)
* Add optional filesystem to static middleware.
2021-05-08 22:33:17 +03:00
Kaan Karakaya
de3f87eb23
Jwt lookup from multiple sources (#1845)
* Jwt lookup from multiple sources
2021-05-08 22:30:06 +03:00
王瑞华
7256cb2274
add a custom error handler to key-auth middleware (#1847)
* add a custom error handler to key-auth middleware
2021-05-08 22:25:11 +03:00
antonindrawan
76f186ad3b
feat(jwt): make KeyFunc public in JWT middleware (#1756)
* feat(jwt): make KeyFunc public in JWT middleware

It allows a user-defined function to supply the key for a token
verification.
2021-05-08 22:19:24 +03:00
Martti T
643066594d
Fix router not matching param route with trailing slash and implement matching by path+method (#1812)
* when url ends with slash first param route is the match (fix #1804)
* router should check if method is suitable for matching route and if not then continue search in tree (fix #1808)
2021-04-27 09:55:31 +02:00
Vishal Rana
3b07058a1d
Create LICENSE 2021-04-17 12:47:48 -07:00
Martti T
a4ab482b60
Add Go 1.16 to CI and drop 1.12 specific code (#1850)
* Correct incorrect years in CHANGELOG.md
* CI tests with last 4 versions. Remove 1.12 and below specific code
* Rename proxy test
2021-04-16 11:38:12 +02:00
Martti T
bb7f2223bb
Update and tidy dependencies (#1841) 2021-04-09 09:14:23 +02:00
Martti T
8da8e16138
Update version and changelog for 4.2.2 (#1838) 2021-04-07 22:45:14 +03:00
Martti T
10d8c53d55
Fix timeout middleware docs (fixes #1816) (#1836) 2021-04-06 09:12:00 +02:00
Martti T
ae4665cf7a
Fix panic in redirect middleware on short host name (fix #1811) (#1813) 2021-04-06 09:11:31 +02:00
Martti T
67f6346df2
Fix Bind() when target is array/slice and path/query params complain target not being struct (#1835)
For path/query params binding we do not try (silently return) to bind when target is not struct.
Recreates PR #1574 and fixes #1565
2021-04-06 09:05:33 +02:00
Martti T
dec96f0312
fix timeout middleware not sending status code when handler returns an error (fix #1804) (#1805) 2021-03-12 12:49:09 +01:00
Martti T
4c2fd1fb04
Allow proxy middleware to use query part in rewrite (fix #1798) (#1802) 2021-03-09 13:22:11 +01:00
Roland Lammel
a97052edaf Update version to v4.2.1 2021-03-08 02:33:04 +01:00
Martti T
d6127fe316
Rework timeout middleware to use http.TimeoutHandler implementation (fix #1761) (#1801) 2021-03-08 02:13:22 +01:00
Martti T
5622ecc180
Fix performance regression caused by path escaping (#1777, #1798, #1799)
* Fix performance regression #1777 and avoid double escaping in rewrite/proxy middleware.
* Add rewrite test for correct escaping of replacement (#1798)

Co-authored-by: Roland Lammel <rl@neotel.at>
2021-03-08 02:01:02 +01:00
Seena Fallah
cffd3efa91
Avoid context canceled errors (#1789)
* Avoid context canceled errors

Return 499 Client Closed Request when the client has closed the request before the server could send a response

Signed-off-by: Seena Fallah <seenafallah@gmail.com>
2021-03-07 21:27:01 +02:00
Martti T
664cf8c106
Refactor router for readability (#1796)
* refactor router tests to table driven (this way it is easier to debug test cases with breakpoints)
* refactor router variables to be more readable
2021-03-06 00:43:59 +01:00
Martti T
6f9b71cd6f
Poc router stack backtracking (#1791)
Router: PoC stack based backtracking

Co-authored-by: stffabi <stffabi@users.noreply.github.com>
2021-03-02 20:56:40 +02:00
toimtoimtoim
b2444d8399 Fix #1794: panics in timeout middleware are not recovered and cause application to crash 2021-03-02 20:41:29 +02:00
Martti T
c79ffed7ce
Fix Echo.Serve() will not serve on HTTP port correctly when there is already TLSListener set to Echo instance. (#1785) (#1793) 2021-02-28 19:13:04 +01:00
Leo Takaoka
d9e235416d
apply go fmt (#1788) 2021-02-26 23:55:00 +02:00
RaviKiran K
45870c75c3
Uses strings.Equalfold (#1790)
Changes case insensitive string comparisons to string.EqualFold which performs better than strings.Lower(str) == str comparison
2021-02-26 23:52:32 +02:00
Shubhendra Singh Chauhan
6a666acd5c
improve code quality (#1792)
* Merge variable declaration with assignment
* Fix unnecessary typecasting on `bytes.Buffer`
* Remove unnecessary wrapping of function call
2021-02-26 12:04:34 +02:00
Roland Lammel
b0f56eaf96 Update version to v4.2.0 2021-02-11 19:35:16 +01:00
Roland Lammel
a170896c42
Add CHANGELOG.md for historic tracking of changes (#1764) 2021-02-11 14:54:06 +01:00
Martti T
f09f2bd14e
Fix open redirect vulnerability with AddTrailingSlashWithConfig and RemoveTrailingSlashWithConfig (#1775,#1771)
* fix open redirect vulnerability with AddTrailingSlashWithConfig and RemoveTrailingSlashWithConfig (fix #1771)
* rename trimMultipleSlashes to sanitizeURI
2021-02-11 14:53:22 +01:00
Roland Lammel
932976ded6
Support real regex rules for rewrite and proxy middleware (#1767)
Support real regex rules for rewrite and proxy middleware (use non-greedy matching by default)

Co-authored-by: pwli <lipw0755@gmail.com>
2021-02-08 16:58:55 +02:00
Benjamin Chibuzor-Orie
7c8592a7e0
adds middleware for rate limiting (#1724)
* adds middleware for rate limiting

* added comment for InMemoryStore ShouldAllow

* removed redundant mutex declaration

* fixed lint issues

* removed sleep from tests

* improved coverage

* refactor: renames Identifiers, includes default SourceFunc

* Added last seen stats for visitor

* uses http Constants for improved readdability
adds default error handler

* used other handler apart from default handler to mark custom error handler for rate limiting

* split tests into separate blocks
added an error pair to IdentifierExtractor
Includes deny handler for explicitly denying requests

* adds comments for exported members Extractor and ErrorHandler

* makes cleanup implementation inhouse

* Avoid race for cleanup due to non-atomic access to store.expiresIn

* Use a dedicated producer for rate testing

* tidy commit

* refactors tests, implicitly tests lastSeen property on visitor
switches NewRateLimiterMemoryStore constructor to Referential Functions style (Advised by @pafuent)

* switches to mock of time module for time based tests
tests are now fully deterministic

* improved coverage

* replaces Rob Pike referential options with more conventional struct configs
makes cleanup asynchronous

* blocks racy access to lastCleanup

* Add benchmark tests for rate limiter

* Add rate limiter with sharded memory store

* Racy access to store.lastCleanup eliminated
Merges in shiny sharded map implementation by @lammel

* Remove RateLimiterShradedMemoryStore for now

* Make fields for RateLimiterStoreConfig public for external configuration

* Improve docs for RateLimiter usage

* Fix ErrorHandler vs. DenyHandler usage for rate limiter

* Simplify NewRateLimiterMemoryStore

* improved coverage

* updated errorHandler and denyHandler to use echo.HTTPError

* Improve wording for error and comments

* Remove duplicate lastSeen marking for Allow

* Improve wording for comments

* Add disclaimer on perf characteristics of memory store

* changes Allow signature on rate limiter to return err too

Co-authored-by: Roland Lammel <rl@neotel.at>
2021-01-15 17:53:15 -03:00
Martti T
9b0e63046b
Fluent Binder for Query/Path/Form binding (#1717) (#1736)
* Fluent Binder for Query/Path/Form binding.
* CI: report coverage for latest go (1.15) version
* improve docs, remove uncommented code
* separate unixtime with sec and nanosec precision binding
2021-01-08 00:43:38 +01:00