diff options
Diffstat (limited to 'vendor/github.com/labstack/echo/v4/middleware')
4 files changed, 54 insertions, 15 deletions
diff --git a/vendor/github.com/labstack/echo/v4/middleware/jwt.go b/vendor/github.com/labstack/echo/v4/middleware/jwt.go index cd35b621..bce47874 100644 --- a/vendor/github.com/labstack/echo/v4/middleware/jwt.go +++ b/vendor/github.com/labstack/echo/v4/middleware/jwt.go @@ -1,6 +1,7 @@ package middleware import ( + "errors" "fmt" "net/http" "reflect" @@ -49,11 +50,12 @@ type ( // Optional. Default value "user". ContextKey string - // Claims are extendable claims data defining token content. + // Claims are extendable claims data defining token content. Used by default ParseTokenFunc implementation. + // Not used if custom ParseTokenFunc is set. // Optional. Default value jwt.MapClaims Claims jwt.Claims - // TokenLookup is a string in the form of "<source>:<name>" that is used + // TokenLookup is a string in the form of "<source>:<name>" or "<source>:<name>,<source>:<name>" that is used // to extract token from the request. // Optional. Default value "header:Authorization". // Possible values: @@ -62,6 +64,9 @@ type ( // - "param:<name>" // - "cookie:<name>" // - "form:<name>" + // Multiply sources example: + // - "header: Authorization,cookie: myowncookie" + TokenLookup string // AuthScheme to be used in the Authorization header. @@ -71,13 +76,20 @@ type ( // KeyFunc defines a user-defined function that supplies the public key for a token validation. // The function shall take care of verifying the signing algorithm and selecting the proper key. // A user-defined KeyFunc can be useful if tokens are issued by an external party. + // Used by default ParseTokenFunc implementation. // // When a user-defined KeyFunc is provided, SigningKey, SigningKeys, and SigningMethod are ignored. // This is one of the three options to provide a token validation key. // The order of precedence is a user-defined KeyFunc, SigningKeys and SigningKey. // Required if neither SigningKeys nor SigningKey is provided. + // Not used if custom ParseTokenFunc is set. // Default to an internal implementation verifying the signing algorithm and selecting the proper key. KeyFunc jwt.Keyfunc + + // ParseTokenFunc defines a user-defined function that parses token from given auth. Returns an error when token + // parsing fails or parsed token is invalid. + // Defaults to implementation using `github.com/dgrijalva/jwt-go` as JWT implementation library + ParseTokenFunc func(auth string, c echo.Context) (interface{}, error) } // JWTSuccessHandler defines a function which is executed for a valid token. @@ -137,7 +149,7 @@ func JWTWithConfig(config JWTConfig) echo.MiddlewareFunc { if config.Skipper == nil { config.Skipper = DefaultJWTConfig.Skipper } - if config.SigningKey == nil && len(config.SigningKeys) == 0 && config.KeyFunc == nil { + if config.SigningKey == nil && len(config.SigningKeys) == 0 && config.KeyFunc == nil && config.ParseTokenFunc == nil { panic("echo: jwt middleware requires signing key") } if config.SigningMethod == "" { @@ -158,6 +170,9 @@ func JWTWithConfig(config JWTConfig) echo.MiddlewareFunc { if config.KeyFunc == nil { config.KeyFunc = config.defaultKeyFunc } + if config.ParseTokenFunc == nil { + config.ParseTokenFunc = config.defaultParseToken + } // Initialize // Split sources @@ -211,16 +226,8 @@ func JWTWithConfig(config JWTConfig) echo.MiddlewareFunc { return err } - token := new(jwt.Token) - // Issue #647, #656 - if _, ok := config.Claims.(jwt.MapClaims); ok { - token, err = jwt.Parse(auth, config.KeyFunc) - } else { - t := reflect.ValueOf(config.Claims).Type().Elem() - claims := reflect.New(t).Interface().(jwt.Claims) - token, err = jwt.ParseWithClaims(auth, claims, config.KeyFunc) - } - if err == nil && token.Valid { + token, err := config.ParseTokenFunc(auth, c) + if err == nil { // Store user information from token into context. c.Set(config.ContextKey, token) if config.SuccessHandler != nil { @@ -243,6 +250,26 @@ func JWTWithConfig(config JWTConfig) echo.MiddlewareFunc { } } +func (config *JWTConfig) defaultParseToken(auth string, c echo.Context) (interface{}, error) { + token := new(jwt.Token) + var err error + // Issue #647, #656 + if _, ok := config.Claims.(jwt.MapClaims); ok { + token, err = jwt.Parse(auth, config.KeyFunc) + } else { + t := reflect.ValueOf(config.Claims).Type().Elem() + claims := reflect.New(t).Interface().(jwt.Claims) + token, err = jwt.ParseWithClaims(auth, claims, config.KeyFunc) + } + if err != nil { + return nil, err + } + if !token.Valid { + return nil, errors.New("invalid token") + } + return token, nil +} + // defaultKeyFunc returns a signing key of the given token. func (config *JWTConfig) defaultKeyFunc(t *jwt.Token) (interface{}, error) { // Check the signing method diff --git a/vendor/github.com/labstack/echo/v4/middleware/rate_limiter.go b/vendor/github.com/labstack/echo/v4/middleware/rate_limiter.go index 46a310d9..0291eb45 100644 --- a/vendor/github.com/labstack/echo/v4/middleware/rate_limiter.go +++ b/vendor/github.com/labstack/echo/v4/middleware/rate_limiter.go @@ -169,7 +169,8 @@ type ( /* NewRateLimiterMemoryStore returns an instance of RateLimiterMemoryStore with -the provided rate (as req/s). Burst and ExpiresIn will be set to default values. +the provided rate (as req/s). The provided rate less than 1 will be treated as zero. +Burst and ExpiresIn will be set to default values. Example (with 20 requests/sec): diff --git a/vendor/github.com/labstack/echo/v4/middleware/request_id.go b/vendor/github.com/labstack/echo/v4/middleware/request_id.go index 21f801f3..b0baeeb2 100644 --- a/vendor/github.com/labstack/echo/v4/middleware/request_id.go +++ b/vendor/github.com/labstack/echo/v4/middleware/request_id.go @@ -14,6 +14,9 @@ type ( // Generator defines a function to generate an ID. // Optional. Default value random.String(32). Generator func() string + + // RequestIDHandler defines a function which is executed for a request id. + RequestIDHandler func(echo.Context, string) } ) @@ -53,6 +56,9 @@ func RequestIDWithConfig(config RequestIDConfig) echo.MiddlewareFunc { rid = config.Generator() } res.Header().Set(echo.HeaderXRequestID, rid) + if config.RequestIDHandler != nil { + config.RequestIDHandler(c, rid) + } return next(c) } diff --git a/vendor/github.com/labstack/echo/v4/middleware/timeout.go b/vendor/github.com/labstack/echo/v4/middleware/timeout.go index fb8ae421..73113654 100644 --- a/vendor/github.com/labstack/echo/v4/middleware/timeout.go +++ b/vendor/github.com/labstack/echo/v4/middleware/timeout.go @@ -2,9 +2,10 @@ package middleware import ( "context" - "github.com/labstack/echo/v4" "net/http" "time" + + "github.com/labstack/echo/v4" ) type ( @@ -87,6 +88,10 @@ type echoHandlerFuncWrapper struct { } func (t echoHandlerFuncWrapper) ServeHTTP(rw http.ResponseWriter, r *http.Request) { + // replace echo.Context Request with the one provided by TimeoutHandler to let later middlewares/handler on the chain + // handle properly it's cancellation + t.ctx.SetRequest(r) + // replace writer with TimeoutHandler custom one. This will guarantee that // `writes by h to its ResponseWriter will return ErrHandlerTimeout.` originalWriter := t.ctx.Response().Writer |