1
0
mirror of https://github.com/labstack/echo.git synced 2024-12-22 20:06:21 +02:00
Commit Graph

225 Commits

Author SHA1 Message Date
Martti T
14daeb9680
Security: c.Attachment and c.Inline should escape name in Content-Disposition header to avoid 'Reflect File Download' vulnerability. (#2541)
This is same as Go std does it 9d836d41d0/src/mime/multipart/writer.go (L132)
2023-11-07 14:10:06 +02:00
ivansmaliakou
f22ba6725c documentation: changed description for Bind() method of Context interface. Because Bind()` binds not only request body, but also path and query params 2023-03-16 07:46:03 +02:00
Martti T
8d4ac4c907
Additional configuration options for RequestLogger and Logger middleware (#2341)
* Add `middleware.RequestLoggerConfig.HandleError` configuration option to handle error within middleware with global error handler thus setting response status code decided by error handler and not derived from error itself.
* Add `middleware.LoggerConfig.CustomTagFunc` so Logger middleware can add custom text to logged row.
2022-11-30 15:47:23 +02:00
Wim
7544796946
Remove square brackets from ipv6 addresses in XFF (#2182)
Remove square brackets from ipv6 addresses in XFF
2022-11-24 22:17:31 +02:00
Amir Hossein
4c44305b23
update tests (#2275)
update tests
2022-10-06 11:34:00 +03:00
toimtoimtoim
1b1a68fd4f Improve filesystem support (Go 1.16+). Add field echo.Filesystem, methods: echo.FileFS, echo.StaticFS, group.FileFS, group.StaticFS. Following methods will use echo.Filesystem to server files: echo.File, echo.Static, group.File, group.Static, Context.File 2022-01-24 15:55:16 +02:00
toimtoimtoim
6f6befe555 improve docs 2022-01-03 21:04:17 +02:00
toimtoimtoim
5b26a5257b Allow header support in Router, MethodNotFoundHandler (405) and CORS middleware 2022-01-03 21:04:17 +02:00
Hosh
5e791b0787
Allow for custom JSON encoding implementations (#1880)
* Allow for custom JSON encoding implementations

Co-authored-by: toimtoimtoim <desinformatsioon@gmail.com>
2021-07-05 22:33:19 +03:00
Oleksandr Savchenko
fdacff0d93 Split XFF header only by comma 2021-06-02 21:42:27 +03:00
RaviKiran K
45870c75c3
Uses strings.Equalfold (#1790)
Changes case insensitive string comparisons to string.EqualFold which performs better than strings.Lower(str) == str comparison
2021-02-26 23:52:32 +02:00
Pablo Andres Fuente
53653b3df6 Merge branch 'master' into fix_router_find_after_invalid_set_param_values 2020-12-16 01:56:28 +00:00
Roland Lammel
9676696b42
Merge pull request #1656 from imxyb/remove-defer
remove useless defer for Context.FormFile
2020-11-20 12:43:26 +01:00
Pablo Andres Fuente
b166376dd6 Merge branch 'master' into fix_router_find_after_invalid_set_param_values 2020-11-05 03:06:48 +00:00
Pablo Andres Fuente
23c21871b7 Fixed Router#Find panic an infinite loop
Before this fix, Router#Find panics or enters in an infinite loop when
the context params values were set to a number less than the max number
of params supported by the Router.
2020-10-28 04:30:41 +00:00
yonbiaoxiao
42271822e4 remove unless defer 2020-10-20 11:54:40 +08:00
yonbiaoxiao
622f5e33d4 Use IndexByte instead of Split to reduce memory allocation and improve performance 2020-09-15 19:56:33 +08:00
178inaba
269dfcc9dd
Set maxParam with SetParamNames (#1535)
* Set maxParam with SetParamNames

Fixes #1492

* Revert go.mod
2020-03-30 12:28:07 -07:00
lukesolo
84b8aaf24f
Fix panic in FormFile if file not found (#1515) 2020-02-29 07:46:25 -08:00
Shinichi TAMURA
7c5af01350
Safer/trustable extraction of real ip from request (#1478)
* Safer/trustable extraction of real ip from request

* Fix x-real-ip handling on proxy

* fix docs

* fix default check
2020-02-24 08:29:34 -08:00
J. David Lowe
8d7f05e533 round-trip paramValues without exploding (#1463) 2020-01-23 18:32:17 -08:00
Alex Besogonov
5c7c87d09e Add ability to set the logger on echo.Context (#1377)
This change allows middleware to replace the logger on the echo.Context
with a customized per-request logger with additional fields. The logger
is reset to default on every Reset() call.
2019-11-11 12:34:13 -08:00
Argishti Rostamian
754b44989f Close file descriptor returned by request.FormFile (#1411) 2019-10-24 11:52:14 -07:00
Mark Smith
ee6618e831 reset p.values to echo.maxParam (#1429)
* reset p.values to echo.maxParam
* Update context.go

How about just reset the values?
2019-10-24 10:48:56 -07:00
Jesse Szwedko
608cebbaae Assign new ResponseWriter after calling http.HandlerFunc (#1341)
Otherwise, the `http.ResponseWriter` passed to `next()` within the
middleware is unused. This precludes middlewares from wrapping the
http.ResponseWriter to do things like record the status code.
2019-08-07 11:10:18 -07:00
Noam Y. Tenne
fbb72869b3 Fix for #1334 (#1335)
* echo.context.cjson should encode the JSON before writing the status code #1334 :

`response.Write` automatically sets status to `200` if a response code wasn't committed yet. This is convenient, but it ignores the fact that `response.Status` is a public field that may be set separately/before `response.Write` has been called
A `response.Status` is by default `0`, or `200` if the response was reset, so `response.Write` should fallback to `200` only if a code wasn't set yet.

* echo.context.cjson should encode the JSON before writing the status code #1334 :

Writing the response code before encoding the payload is prone to error.
If JSON encoding fails, the response code is already committed, the server is able to only modify the response body to reflect the error and the user receives an awkward response where the status is successful but the body reports an error.
Instead - set the desired code on `c.response.Status`. If writing eventually takes place, the desired code is committed. If an error occurs, the server can still change the response.
2019-05-23 22:13:57 -07:00
Hemachandar
775b2eefec Refactor DefaultProxyConfig Skipper & WebSocket Check in Context (#1297)
* refactor: default to DefaultProxyConfig.Skipper if not provided

* refactor: use strings library for websocket check
2019-03-02 10:43:23 -08:00
Andrei Avram
3d73323154 Use concurrency safe context by default. (#1158) 2019-02-12 10:56:26 -08:00
Vishal Rana
7867fce6ce Changes related to #1199
Signed-off-by: Vishal Rana <vr@labstack.com>
2019-01-14 10:56:17 -08:00
Evgeniy Kulikov
62145fad3e [extend #1191] Unnecessary alloc for XML, JSON, JSONP (#1199)
* [extend #1191] Unnecessary alloc for XML, JSON, JSONP

* add legacy (JSON/JSONP/XML)Blob tests

* fix namings

* fix `jsonPBlob` allocs

* fix review comments (thx @alexaandru)

* fix review comments (thx @alexaandru)
add benchmarks
2019-01-14 10:12:22 -08:00
Emir Ribić
a2d4cb9c7a Simplify REALIP method (#1193)
* Simplify REALIP method

* Remove alloc
2018-09-19 10:18:50 -07:00
Vishal Rana
a5d81b8d4a Updated deps, removed json-iterator, fixed #1087, fixed #1086
Signed-off-by: Vishal Rana <vr@labstack.com>
2018-03-16 10:00:59 -07:00
Vishal Rana
f4dde46fed Fixed build
Signed-off-by: Vishal Rana <vr@labstack.com>
2018-03-14 22:59:15 -07:00
Vishal Rana
003b0adaa5 Enhanced write content type
Signed-off-by: Vishal Rana <vr@labstack.com>
2018-03-14 22:51:06 -07:00
Vishal Rana
20ac716d4c Using json-iterator
Signed-off-by: Vishal Rana <vr@labstack.com>
2018-03-14 20:38:46 -07:00
Romain Gros
fb30777387 Return error of context.File in c.contentDisposition
context.Attachment and context.Inline use context.contentDisposition under the hood.
However, context.contentDisposition does not forward the error of context.File, leading to response 200 OK even when the file does not exist.
This commit forward the return value of context.File to context.contentDisposition to prevent that.
2018-03-06 10:50:53 -08:00
Vishal Rana
ec048ea523 Fixed #1052, dropped param alias feature
Signed-off-by: Vishal Rana <vr@labstack.com>
2018-01-30 19:02:29 -08:00
goofle
4df355113b Wrap Content-Disposition filename with quotes (#996) 2017-08-24 08:35:50 -07:00
Rene Jochum
0769b34b52 Use the NotFoundHandler when a file haven't been found. (#966)
This is especialy usefull when you use e.Static("/", "static") and you
want a notfoundhandler that serves your index.html like this:

echo.NotFoundHandler = func(c2 echo.Context) error {
	index := filepath.Join(c.config.StaticDir, c.config.Index)
	_, err := os.Open(index)
	if err != nil {
		return echo.ErrNotFound
	}
	return c2.File(path.Join(c.config.StaticDir, c.config.Index))
}

Another usecase with the Handler above is HTML5 SPF applications.

One caveat, you need to make sure that your NotFoundHandler doesn't
produce loops.

Signed-off-by: Rene Jochum <rene@jochums.at>
2017-07-19 11:29:41 -07:00
Vishal Rana
bd96cc3c15 Fixed #947
Signed-off-by: Vishal Rana <vr@labstack.com>
2017-06-06 14:59:35 -07:00
Vishal Rana
c3887ebb13 Added Context#IsWebSocket(), proxy fix header
Signed-off-by: Vishal Rana <vr@labstack.com>
2017-06-04 10:39:08 -07:00
TossPig
353a2f8b78 Get The HeaderXForwardedProto (#941)
* Get The HeaderXForwardedProto

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Proto

* add HeaderXForwardedSsl

* Get The HeaderXForwardedSsl
2017-06-04 09:41:17 -07:00
Vishal Rana
533d7a8dc1 Closes #918, docs updated for testing handler
Signed-off-by: Vishal Rana <vr@labstack.com>
2017-04-29 11:02:57 -07:00
Sub
0dfcb31d9e Automatically use JSONPretty/XMLPretty if '?pretty' in querystring (#916)
* Automatically use JSONPretty/XMLPretty if '?pretty' in querystring

* Update unit test cases

* Simplify code according comments

* Update guide for pretty json/xml
2017-04-27 21:41:46 -07:00
Vishal Rana
ac0a38d995 Fixed Context#RealIP() to fetch the first IP
Signed-off-by: Vishal Rana <vr@labstack.com>
2017-04-20 12:05:09 -07:00
Vishal Rana
d5bff83dc3 Using *context instead of Context in Router#Find()
Signed-off-by: Vishal Rana <vr@labstack.com>
2017-04-10 13:10:31 -07:00
Ole Bulbuk
f0e3f950cf Tested and fixed bug with reused context (path parameters). 2017-03-30 12:05:24 +02:00
Vishal Rana
22012e0e9d Fixed #833
Signed-off-by: Vishal Rana <vr@labstack.com>
2017-03-26 20:15:48 -07:00
Vishal Rana
477d8dc708 Fixed #839
Signed-off-by: Vishal Rana <vr@labstack.com>
2017-03-15 11:38:43 -07:00
Vishal Rana
c7c4395fbd Fixed #794
Signed-off-by: Vishal Rana <vr@labstack.com>
2017-01-31 13:55:39 -08:00