1
0
mirror of https://github.com/labstack/echo.git synced 2025-01-26 03:20:08 +02:00

1497 Commits

Author SHA1 Message Date
Martti T
f09f2bd14e
Fix open redirect vulnerability with AddTrailingSlashWithConfig and RemoveTrailingSlashWithConfig (#1775,#1771)
* fix open redirect vulnerability with AddTrailingSlashWithConfig and RemoveTrailingSlashWithConfig (fix #1771)
* rename trimMultipleSlashes to sanitizeURI
2021-02-11 14:53:22 +01:00
Roland Lammel
932976ded6
Support real regex rules for rewrite and proxy middleware (#1767)
Support real regex rules for rewrite and proxy middleware (use non-greedy matching by default)

Co-authored-by: pwli <lipw0755@gmail.com>
2021-02-08 16:58:55 +02:00
Benjamin Chibuzor-Orie
7c8592a7e0
adds middleware for rate limiting (#1724)
* adds middleware for rate limiting

* added comment for InMemoryStore ShouldAllow

* removed redundant mutex declaration

* fixed lint issues

* removed sleep from tests

* improved coverage

* refactor: renames Identifiers, includes default SourceFunc

* Added last seen stats for visitor

* uses http Constants for improved readdability
adds default error handler

* used other handler apart from default handler to mark custom error handler for rate limiting

* split tests into separate blocks
added an error pair to IdentifierExtractor
Includes deny handler for explicitly denying requests

* adds comments for exported members Extractor and ErrorHandler

* makes cleanup implementation inhouse

* Avoid race for cleanup due to non-atomic access to store.expiresIn

* Use a dedicated producer for rate testing

* tidy commit

* refactors tests, implicitly tests lastSeen property on visitor
switches NewRateLimiterMemoryStore constructor to Referential Functions style (Advised by @pafuent)

* switches to mock of time module for time based tests
tests are now fully deterministic

* improved coverage

* replaces Rob Pike referential options with more conventional struct configs
makes cleanup asynchronous

* blocks racy access to lastCleanup

* Add benchmark tests for rate limiter

* Add rate limiter with sharded memory store

* Racy access to store.lastCleanup eliminated
Merges in shiny sharded map implementation by @lammel

* Remove RateLimiterShradedMemoryStore for now

* Make fields for RateLimiterStoreConfig public for external configuration

* Improve docs for RateLimiter usage

* Fix ErrorHandler vs. DenyHandler usage for rate limiter

* Simplify NewRateLimiterMemoryStore

* improved coverage

* updated errorHandler and denyHandler to use echo.HTTPError

* Improve wording for error and comments

* Remove duplicate lastSeen marking for Allow

* Improve wording for comments

* Add disclaimer on perf characteristics of memory store

* changes Allow signature on rate limiter to return err too

Co-authored-by: Roland Lammel <rl@neotel.at>
2021-01-15 17:53:15 -03:00
Martti T
9b0e63046b
Fluent Binder for Query/Path/Form binding (#1717) (#1736)
* Fluent Binder for Query/Path/Form binding.
* CI: report coverage for latest go (1.15) version
* improve docs, remove uncommented code
* separate unixtime with sec and nanosec precision binding
2021-01-08 00:43:38 +01:00
Ilija Matoski
67263b5e45
Timeout middleware implementation for go1.13+ (#1743)
Co-authored-by: Ilija Matoski <imatoski@schubergphilis.com>
2021-01-05 11:14:51 +01:00
Martti T
02ed3f3126
Fix #1729 Binding query/path params and form fields to struct only works for explicit tags (#1734)
* Binding query/path params and form fields to struct only works for fields that have explicit TAG defined on struct
* remove unnecessary benchmark after change because it is not valid test anymore
2021-01-05 11:04:24 +01:00
Vishal Rana
f718079658
Update README.md 2021-01-03 11:09:17 -08:00
stffabi
a9df83037d
Do not handle special trailing slash case for partial prefix (#1741)
* Add tests for issue #1739
* Handle special trailing slash case only for a matching prefix

Only handle the special trailing slash case if the whole prefix matches to avoid matching   
a wrong route for overlapping prefixes, e.g. /users/* for the path /users_prefix/ where
the route is only a partial prefix of the requested path.
2021-01-03 19:35:00 +01:00
Roland Lammel
c7c792d3bd Fix CSRF tests for Go 1.12 2021-01-03 01:45:58 +01:00
Roland Lammel
36f524ede8 Merge branch 'master' of github.com:labstack/echo 2021-01-03 01:20:24 +01:00
Roland Lammel
fc96d822eb Merge SameSite mode for CSRF (PR #1524) from 'pr0head/master' 2021-01-03 01:18:45 +01:00
Roland Lammel
4310e90d58 Support Go 1.12 for http.SameSiteNoneMode 2021-01-03 01:09:18 +01:00
Roland Lammel
716eb18329
Handle static routes with trailing slash (#1747)
- Fix Static file route not working without trailing slash
- Add tests for static middleware with/without trailing slash
- Add tests for static middleware under group

Co-authored-by: pwli <lipw0755@gmail.com>
2021-01-03 00:25:29 +01:00
Roland Lammel
0bdb45c583
Merge pull request #1740 from aldas/issue_1720_add_static_middleware_tests
refactor static middleware tests not to use previous case state (#1720)
2021-01-01 18:23:53 +01:00
toimtoimtoim
21f7787202 refactor static middleware tests not to use previous case state 2020-12-29 23:54:29 +02:00
Roland Lammel
6119aecb16
Merge pull request #1735 from aldas/refactor_echo_instance_listener_access
refactor Echo server startup to allow data race free access to listener address
2020-12-29 17:27:12 +01:00
toimtoimtoim
d18c040937 rename mutex 2020-12-29 13:25:43 +02:00
toimtoimtoim
734e313f71 refactor Echo server startup to allow data race free access to listener address 2020-12-29 12:06:49 +02:00
Roland Lammel
b065180250
Merge pull request #1727 from aldas/bind_query_when_get_delete
Bind query params only for HTTP GET/DELETE methods
2020-12-26 00:51:50 +01:00
toimtoimtoim
65ea019530 makefile targets to help local development/testing 2020-12-20 11:06:39 +02:00
toimtoimtoim
4d626c210d c.Bind() uses query params only for GET or DELETE methods. This restores pre v.4.1.11 behavior. 2020-12-20 11:05:42 +02:00
Roland Lammel
936c48a17e
Merge pull request #1725 from lammel/bugfix/conditional-ipv6-tests
Fix failing tests on systems not supporting IPv6
2020-12-18 15:14:59 +01:00
Roland Lammel
e4fe8c8367 Fix failing tests on systems not supporting IPv6 2020-12-18 14:20:36 +01:00
Vadim Sabirov
08073575f8 Merge branch 'master' of https://github.com/labstack/echo 2020-12-18 14:39:23 +03:00
Roland Lammel
829e82165f
Merge pull request #1722 from aldas/revert_pr_1674
Revert #1674 - failing tests
2020-12-17 03:24:01 +01:00
toimtoimtoim
547ca5ca1e reverts #1671 changes 2020-12-17 02:20:26 +02:00
toimtoimtoim
655596b1b9 Revert "Remove group.Use registering Any routes that break other routes"
This reverts commit f72eaa42
2020-12-17 02:01:59 +02:00
toimtoimtoim
628a2df08c Revert "Add a test"
This reverts commit 7a1126fb
2020-12-17 02:01:57 +02:00
Roland Lammel
ea31edbf71
Merge pull request #1681 from aldas/different_bind_methods
Improve default binder with separate methods for binding to query params, route params, request body
2020-12-16 21:12:47 +01:00
Roland Lammel
03ce9b25eb
Merge pull request #1661 from pafuent/fix_router_find_after_invalid_set_param_values
Fixed Router#Find panic an infinite loop
2020-12-16 10:11:25 +01:00
Pablo Andres Fuente
cf002025e6
Merge pull request #1674 from codeocean/group-use-bug
Remove group.Use registering Any routes that break other routes
2020-12-16 01:34:46 -03:00
Pablo Andres Fuente
0482cb3160
Merge pull request #1671 from pwli0755/fix-conflict
Fix Static files route not working
2020-12-16 01:27:09 -03:00
Pablo Andres Fuente
4602335be8
Merge pull request #1689 from pafuent/routing_misses_performance_improvements
Improve router performance with dedicated child types
2020-12-16 00:08:17 -03:00
Pablo Andres Fuente
045bec51d4 Merge branch 'master' into routing_misses_performance_improvements 2020-12-16 01:59:13 +00:00
Pablo Andres Fuente
53653b3df6 Merge branch 'master' into fix_router_find_after_invalid_set_param_values 2020-12-16 01:56:28 +00:00
pwli
2374af470c
Update echo_test.go
fix typo
2020-12-16 09:37:26 +08:00
pwli
89ec0070b8
Merge branch 'master' into fix-conflict 2020-12-16 09:21:26 +08:00
Roland Lammel
4422e3b66b
Merge pull request #1718 from little-cui/master
Fix static directory traversal security vulnerability for Windows
2020-12-15 16:31:52 +01:00
little-cui
1beaf09740 Bug Fix: Directory Traversal 2020-12-15 21:54:11 +08:00
Pablo Andres Fuente
e7741d48b1
Merge pull request #1719 from iambenkay/chore/request-id-test
adds test for request id
2020-12-15 01:32:30 -03:00
iambenkay
1c720597bb adds test for request id
- remain unchanged if provided
2020-12-14 19:06:25 +01:00
Pablo Andres Fuente
71325a6f1e erge branch 'master' into routing_misses_performance_improvements 2020-12-14 03:36:12 +00:00
toimtoimtoim
bd5810f5b5 separate methods to bind only query params, path params, request body 2020-12-13 11:19:05 +02:00
Pablo Andres Fuente
2b36b3d1d7
Merge pull request #1667 from pafuent/listener_network_configurable
Adding Echo#ListenerNetwork as configuration
2020-12-12 17:26:52 -03:00
Roland Lammel
06a9480cb2
Merge pull request #1679 from pafuent/update_benchmark_to_newer_versions
Update README.md with an updated Benchmark
2020-12-12 21:05:06 +01:00
Vadim Sabirov
53b38de143 Merge branch 'master' of https://github.com/labstack/echo 2020-12-11 12:34:52 +03:00
Roland Lammel
194129d070
Merge pull request #1699 from pafuent/improve_decompress_middleware
Adding sync.Pool to Decompress middleware
2020-12-11 10:09:41 +01:00
Roland Lammel
8c27828f11
Merge pull request #1659 from pafuent/panic_router_find_fails_on_params_with_no_root
Fixed panic when Router#Find fails on Param paths
2020-12-10 12:49:55 +01:00
Pablo Andres Fuente
78fe2224b6 Merge branch 'master' into listener_network_configurable 2020-12-10 04:10:13 +00:00
Pablo Andres Fuente
c171855555 Reverting changes on go.sum 2020-12-10 03:41:25 +00:00