* fix open redirect vulnerability with AddTrailingSlashWithConfig and RemoveTrailingSlashWithConfig (fix#1771)
* rename trimMultipleSlashes to sanitizeURI
* adds middleware for rate limiting
* added comment for InMemoryStore ShouldAllow
* removed redundant mutex declaration
* fixed lint issues
* removed sleep from tests
* improved coverage
* refactor: renames Identifiers, includes default SourceFunc
* Added last seen stats for visitor
* uses http Constants for improved readdability
adds default error handler
* used other handler apart from default handler to mark custom error handler for rate limiting
* split tests into separate blocks
added an error pair to IdentifierExtractor
Includes deny handler for explicitly denying requests
* adds comments for exported members Extractor and ErrorHandler
* makes cleanup implementation inhouse
* Avoid race for cleanup due to non-atomic access to store.expiresIn
* Use a dedicated producer for rate testing
* tidy commit
* refactors tests, implicitly tests lastSeen property on visitor
switches NewRateLimiterMemoryStore constructor to Referential Functions style (Advised by @pafuent)
* switches to mock of time module for time based tests
tests are now fully deterministic
* improved coverage
* replaces Rob Pike referential options with more conventional struct configs
makes cleanup asynchronous
* blocks racy access to lastCleanup
* Add benchmark tests for rate limiter
* Add rate limiter with sharded memory store
* Racy access to store.lastCleanup eliminated
Merges in shiny sharded map implementation by @lammel
* Remove RateLimiterShradedMemoryStore for now
* Make fields for RateLimiterStoreConfig public for external configuration
* Improve docs for RateLimiter usage
* Fix ErrorHandler vs. DenyHandler usage for rate limiter
* Simplify NewRateLimiterMemoryStore
* improved coverage
* updated errorHandler and denyHandler to use echo.HTTPError
* Improve wording for error and comments
* Remove duplicate lastSeen marking for Allow
* Improve wording for comments
* Add disclaimer on perf characteristics of memory store
* changes Allow signature on rate limiter to return err too
Co-authored-by: Roland Lammel <rl@neotel.at>
- Fix Static file route not working without trailing slash
- Add tests for static middleware with/without trailing slash
- Add tests for static middleware under group
Co-authored-by: pwli <lipw0755@gmail.com>
Fixing a http.Request.Body leak on the decompress middleware that were
not properly Close
Removing the defer on the call to gzip.Reader, because that reader is
already exausted after the call to io.Copy
Adding a sync.Pool for the *gzip.Writer reduces the allocations of the
Compress middleware in 50% and gives an increase on execution speed of
a 85%
This fix#1643
Currently there is a half and half situation where the user can't use regex (fully) because * will be replaced with (.*), yet they also can't just enter any old string, because meta chars like . would need escaping.
e.g. currently *.html wouldn't work as intended, and instead *\.html should be used.
Work around this by using regexp's QuoteMeta function to sanitise the input before handling it.
