summaryrefslogtreecommitdiffstats
path: root/vendor/github.com/labstack
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/github.com/labstack')
-rw-r--r--vendor/github.com/labstack/echo/v4/CHANGELOG.md14
-rw-r--r--vendor/github.com/labstack/echo/v4/README.md5
-rw-r--r--vendor/github.com/labstack/echo/v4/context.go2
-rw-r--r--vendor/github.com/labstack/echo/v4/middleware/cors.go88
-rw-r--r--vendor/github.com/labstack/gommon/bytes/bytes.go173
-rw-r--r--vendor/github.com/labstack/gommon/log/log.go6
6 files changed, 229 insertions, 59 deletions
diff --git a/vendor/github.com/labstack/echo/v4/CHANGELOG.md b/vendor/github.com/labstack/echo/v4/CHANGELOG.md
index e8f42200..8b71fb8e 100644
--- a/vendor/github.com/labstack/echo/v4/CHANGELOG.md
+++ b/vendor/github.com/labstack/echo/v4/CHANGELOG.md
@@ -1,5 +1,19 @@
# Changelog
+## v4.9.1 - 2022-10-12
+
+**Fixes**
+
+* Fix logger panicing (when template is set to empty) by bumping dependency version [#2295](https://github.com/labstack/echo/issues/2295)
+
+**Enhancements**
+
+* Improve CORS documentation [#2272](https://github.com/labstack/echo/pull/2272)
+* Update readme about supported Go versions [#2291](https://github.com/labstack/echo/pull/2291)
+* Tests: improve error handling on closing body [#2254](https://github.com/labstack/echo/pull/2254)
+* Tests: refactor some of the assertions in tests [#2275](https://github.com/labstack/echo/pull/2275)
+* Tests: refactor assertions [#2301](https://github.com/labstack/echo/pull/2301)
+
## v4.9.0 - 2022-09-04
**Security**
diff --git a/vendor/github.com/labstack/echo/v4/README.md b/vendor/github.com/labstack/echo/v4/README.md
index 17e6ed93..509b9735 100644
--- a/vendor/github.com/labstack/echo/v4/README.md
+++ b/vendor/github.com/labstack/echo/v4/README.md
@@ -11,12 +11,11 @@
## Supported Go versions
+Latest version of Echo supports last four Go major [releases](https://go.dev/doc/devel/release) and might work with older versions.
+
As of version 4.0.0, Echo is available as a [Go module](https://github.com/golang/go/wiki/Modules).
Therefore a Go version capable of understanding /vN suffixed imports is required:
-- 1.9.7+
-- 1.10.3+
-- 1.14+
Any of these versions will allow you to import Echo as `github.com/labstack/echo/v4` which is the recommended
way of using Echo going forward.
diff --git a/vendor/github.com/labstack/echo/v4/context.go b/vendor/github.com/labstack/echo/v4/context.go
index a4ecfadf..5567100b 100644
--- a/vendor/github.com/labstack/echo/v4/context.go
+++ b/vendor/github.com/labstack/echo/v4/context.go
@@ -181,7 +181,7 @@ type (
// Logger returns the `Logger` instance.
Logger() Logger
- // Set the logger
+ // SetLogger Set the logger
SetLogger(l Logger)
// Echo returns the `Echo` instance.
diff --git a/vendor/github.com/labstack/echo/v4/middleware/cors.go b/vendor/github.com/labstack/echo/v4/middleware/cors.go
index 16259512..25cf983a 100644
--- a/vendor/github.com/labstack/echo/v4/middleware/cors.go
+++ b/vendor/github.com/labstack/echo/v4/middleware/cors.go
@@ -15,46 +15,85 @@ type (
// Skipper defines a function to skip middleware.
Skipper Skipper
- // AllowOrigin defines a list of origins that may access the resource.
+ // AllowOrigins determines the value of the Access-Control-Allow-Origin
+ // response header. This header defines a list of origins that may access the
+ // resource. The wildcard characters '*' and '?' are supported and are
+ // converted to regex fragments '.*' and '.' accordingly.
+ //
+ // Security: use extreme caution when handling the origin, and carefully
+ // validate any logic. Remember that attackers may register hostile domain names.
+ // See https://blog.portswigger.net/2016/10/exploiting-cors-misconfigurations-for.html
+ //
// Optional. Default value []string{"*"}.
+ //
+ // See also: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
AllowOrigins []string `yaml:"allow_origins"`
// AllowOriginFunc is a custom function to validate the origin. It takes the
// origin as an argument and returns true if allowed or false otherwise. If
// an error is returned, it is returned by the handler. If this option is
// set, AllowOrigins is ignored.
+ //
+ // Security: use extreme caution when handling the origin, and carefully
+ // validate any logic. Remember that attackers may register hostile domain names.
+ // See https://blog.portswigger.net/2016/10/exploiting-cors-misconfigurations-for.html
+ //
// Optional.
AllowOriginFunc func(origin string) (bool, error) `yaml:"allow_origin_func"`
- // AllowMethods defines a list methods allowed when accessing the resource.
- // This is used in response to a preflight request.
+ // AllowMethods determines the value of the Access-Control-Allow-Methods
+ // response header. This header specified the list of methods allowed when
+ // accessing the resource. This is used in response to a preflight request.
+ //
// Optional. Default value DefaultCORSConfig.AllowMethods.
- // If `allowMethods` is left empty will fill for preflight request `Access-Control-Allow-Methods` header value
+ // If `allowMethods` is left empty, this middleware will fill for preflight
+ // request `Access-Control-Allow-Methods` header value
// from `Allow` header that echo.Router set into context.
+ //
+ // See also: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods
AllowMethods []string `yaml:"allow_methods"`
- // AllowHeaders defines a list of request headers that can be used when
- // making the actual request. This is in response to a preflight request.
+ // AllowHeaders determines the value of the Access-Control-Allow-Headers
+ // response header. This header is used in response to a preflight request to
+ // indicate which HTTP headers can be used when making the actual request.
+ //
// Optional. Default value []string{}.
+ //
+ // See also: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers
AllowHeaders []string `yaml:"allow_headers"`
- // AllowCredentials indicates whether or not the response to the request
- // can be exposed when the credentials flag is true. When used as part of
- // a response to a preflight request, this indicates whether or not the
- // actual request can be made using credentials.
- // Optional. Default value false.
+ // AllowCredentials determines the value of the
+ // Access-Control-Allow-Credentials response header. This header indicates
+ // whether or not the response to the request can be exposed when the
+ // credentials mode (Request.credentials) is true. When used as part of a
+ // response to a preflight request, this indicates whether or not the actual
+ // request can be made using credentials. See also
+ // [MDN: Access-Control-Allow-Credentials].
+ //
+ // Optional. Default value false, in which case the header is not set.
+ //
// Security: avoid using `AllowCredentials = true` with `AllowOrigins = *`.
- // See http://blog.portswigger.net/2016/10/exploiting-cors-misconfigurations-for.html
+ // See "Exploiting CORS misconfigurations for Bitcoins and bounties",
+ // https://blog.portswigger.net/2016/10/exploiting-cors-misconfigurations-for.html
+ //
+ // See also: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials
AllowCredentials bool `yaml:"allow_credentials"`
- // ExposeHeaders defines a whitelist headers that clients are allowed to
- // access.
- // Optional. Default value []string{}.
+ // ExposeHeaders determines the value of Access-Control-Expose-Headers, which
+ // defines a list of headers that clients are allowed to access.
+ //
+ // Optional. Default value []string{}, in which case the header is not set.
+ //
+ // See also: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Header
ExposeHeaders []string `yaml:"expose_headers"`
- // MaxAge indicates how long (in seconds) the results of a preflight request
- // can be cached.
- // Optional. Default value 0.
+ // MaxAge determines the value of the Access-Control-Max-Age response header.
+ // This header indicates how long (in seconds) the results of a preflight
+ // request can be cached.
+ //
+ // Optional. Default value 0. The header is set only if MaxAge > 0.
+ //
+ // See also: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age
MaxAge int `yaml:"max_age"`
}
)
@@ -69,13 +108,22 @@ var (
)
// CORS returns a Cross-Origin Resource Sharing (CORS) middleware.
-// See: https://developer.mozilla.org/en/docs/Web/HTTP/Access_control_CORS
+// See also [MDN: Cross-Origin Resource Sharing (CORS)].
+//
+// Security: Poorly configured CORS can compromise security because it allows
+// relaxation of the browser's Same-Origin policy. See [Exploiting CORS
+// misconfigurations for Bitcoins and bounties] and [Portswigger: Cross-origin
+// resource sharing (CORS)] for more details.
+//
+// [MDN: Cross-Origin Resource Sharing (CORS)]: https://developer.mozilla.org/en/docs/Web/HTTP/Access_control_CORS
+// [Exploiting CORS misconfigurations for Bitcoins and bounties]: https://blog.portswigger.net/2016/10/exploiting-cors-misconfigurations-for.html
+// [Portswigger: Cross-origin resource sharing (CORS)]: https://portswigger.net/web-security/cors
func CORS() echo.MiddlewareFunc {
return CORSWithConfig(DefaultCORSConfig)
}
// CORSWithConfig returns a CORS middleware with config.
-// See: `CORS()`.
+// See: [CORS].
func CORSWithConfig(config CORSConfig) echo.MiddlewareFunc {
// Defaults
if config.Skipper == nil {
diff --git a/vendor/github.com/labstack/gommon/bytes/bytes.go b/vendor/github.com/labstack/gommon/bytes/bytes.go
index 2f6bcec6..b07e31cd 100644
--- a/vendor/github.com/labstack/gommon/bytes/bytes.go
+++ b/vendor/github.com/labstack/gommon/bytes/bytes.go
@@ -12,19 +12,31 @@ type (
Bytes struct{}
)
+// binary units (IEC 60027)
const (
_ = 1.0 << (10 * iota) // ignore first value by assigning to blank identifier
- KB
- MB
- GB
- TB
- PB
- EB
+ KiB
+ MiB
+ GiB
+ TiB
+ PiB
+ EiB
+)
+
+// decimal units (SI international system of units)
+const (
+ KB = 1000
+ MB = KB * 1000
+ GB = MB * 1000
+ TB = GB * 1000
+ PB = TB * 1000
+ EB = PB * 1000
)
var (
- pattern = regexp.MustCompile(`(?i)^(-?\d+(?:\.\d+)?)\s?([KMGTPE]B?|B?)$`)
- global = New()
+ patternBinary = regexp.MustCompile(`(?i)^(-?\d+(?:\.\d+)?)\s?([KMGTPE]iB?)$`)
+ patternDecimal = regexp.MustCompile(`(?i)^(-?\d+(?:\.\d+)?)\s?([KMGTPE]B?|B?)$`)
+ global = New()
)
// New creates a Bytes instance.
@@ -32,44 +44,97 @@ func New() *Bytes {
return &Bytes{}
}
-// Format formats bytes integer to human readable string.
+// Format formats bytes integer to human readable string according to IEC 60027.
+// For example, 31323 bytes will return 30.59KB.
+func (b *Bytes) Format(value int64) string {
+ return b.FormatBinary(value)
+}
+
+// FormatBinary formats bytes integer to human readable string according to IEC 60027.
// For example, 31323 bytes will return 30.59KB.
-func (*Bytes) Format(b int64) string {
+func (*Bytes) FormatBinary(value int64) string {
+ multiple := ""
+ val := float64(value)
+
+ switch {
+ case value >= EiB:
+ val /= EiB
+ multiple = "EiB"
+ case value >= PiB:
+ val /= PiB
+ multiple = "PiB"
+ case value >= TiB:
+ val /= TiB
+ multiple = "TiB"
+ case value >= GiB:
+ val /= GiB
+ multiple = "GiB"
+ case value >= MiB:
+ val /= MiB
+ multiple = "MiB"
+ case value >= KiB:
+ val /= KiB
+ multiple = "KiB"
+ case value == 0:
+ return "0"
+ default:
+ return strconv.FormatInt(value, 10) + "B"
+ }
+
+ return fmt.Sprintf("%.2f%s", val, multiple)
+}
+
+// FormatDecimal formats bytes integer to human readable string according to SI international system of units.
+// For example, 31323 bytes will return 31.32KB.
+func (*Bytes) FormatDecimal(value int64) string {
multiple := ""
- value := float64(b)
+ val := float64(value)
switch {
- case b >= EB:
- value /= EB
+ case value >= EB:
+ val /= EB
multiple = "EB"
- case b >= PB:
- value /= PB
+ case value >= PB:
+ val /= PB
multiple = "PB"
- case b >= TB:
- value /= TB
+ case value >= TB:
+ val /= TB
multiple = "TB"
- case b >= GB:
- value /= GB
+ case value >= GB:
+ val /= GB
multiple = "GB"
- case b >= MB:
- value /= MB
+ case value >= MB:
+ val /= MB
multiple = "MB"
- case b >= KB:
- value /= KB
+ case value >= KB:
+ val /= KB
multiple = "KB"
- case b == 0:
+ case value == 0:
return "0"
default:
- return strconv.FormatInt(b, 10) + "B"
+ return strconv.FormatInt(value, 10) + "B"
}
- return fmt.Sprintf("%.2f%s", value, multiple)
+ return fmt.Sprintf("%.2f%s", val, multiple)
}
// Parse parses human readable bytes string to bytes integer.
-// For example, 6GB (6G is also valid) will return 6442450944.
-func (*Bytes) Parse(value string) (i int64, err error) {
- parts := pattern.FindStringSubmatch(value)
+// For example, 6GiB (6Gi is also valid) will return 6442450944, and
+// 6GB (6G is also valid) will return 6000000000.
+func (b *Bytes) Parse(value string) (int64, error) {
+
+ i, err := b.ParseBinary(value)
+ if err == nil {
+ return i, err
+ }
+
+ return b.ParseDecimal(value)
+}
+
+// ParseBinary parses human readable bytes string to bytes integer.
+// For example, 6GiB (6Gi is also valid) will return 6442450944.
+func (*Bytes) ParseBinary(value string) (i int64, err error) {
+ parts := patternBinary.FindStringSubmatch(value)
if len(parts) < 3 {
return 0, fmt.Errorf("error parsing value=%s", value)
}
@@ -81,8 +146,38 @@ func (*Bytes) Parse(value string) (i int64, err error) {
}
switch multiple {
+ case "KI", "KIB":
+ return int64(bytes * KiB), nil
+ case "MI", "MIB":
+ return int64(bytes * MiB), nil
+ case "GI", "GIB":
+ return int64(bytes * GiB), nil
+ case "TI", "TIB":
+ return int64(bytes * TiB), nil
+ case "PI", "PIB":
+ return int64(bytes * PiB), nil
+ case "EI", "EIB":
+ return int64(bytes * EiB), nil
default:
return int64(bytes), nil
+ }
+}
+
+// ParseDecimal parses human readable bytes string to bytes integer.
+// For example, 6GB (6G is also valid) will return 6000000000.
+func (*Bytes) ParseDecimal(value string) (i int64, err error) {
+ parts := patternDecimal.FindStringSubmatch(value)
+ if len(parts) < 3 {
+ return 0, fmt.Errorf("error parsing value=%s", value)
+ }
+ bytesString := parts[1]
+ multiple := strings.ToUpper(parts[2])
+ bytes, err := strconv.ParseFloat(bytesString, 64)
+ if err != nil {
+ return
+ }
+
+ switch multiple {
case "K", "KB":
return int64(bytes * KB), nil
case "M", "MB":
@@ -95,15 +190,27 @@ func (*Bytes) Parse(value string) (i int64, err error) {
return int64(bytes * PB), nil
case "E", "EB":
return int64(bytes * EB), nil
+ default:
+ return int64(bytes), nil
}
}
// Format wraps global Bytes's Format function.
-func Format(b int64) string {
- return global.Format(b)
+func Format(value int64) string {
+ return global.Format(value)
+}
+
+// FormatBinary wraps global Bytes's FormatBinary function.
+func FormatBinary(value int64) string {
+ return global.FormatBinary(value)
+}
+
+// FormatDecimal wraps global Bytes's FormatDecimal function.
+func FormatDecimal(value int64) string {
+ return global.FormatDecimal(value)
}
// Parse wraps global Bytes's Parse function.
-func Parse(val string) (int64, error) {
- return global.Parse(val)
+func Parse(value string) (int64, error) {
+ return global.Parse(value)
}
diff --git a/vendor/github.com/labstack/gommon/log/log.go b/vendor/github.com/labstack/gommon/log/log.go
index 06fa37e0..25f719aa 100644
--- a/vendor/github.com/labstack/gommon/log/log.go
+++ b/vendor/github.com/labstack/gommon/log/log.go
@@ -391,7 +391,7 @@ func (l *Logger) log(level Lvl, format string, args ...interface{}) {
if err == nil {
s := buf.String()
i := buf.Len() - 1
- if s[i] == '}' {
+ if i >= 0 && s[i] == '}' {
// JSON header
buf.Truncate(i)
buf.WriteByte(',')
@@ -404,7 +404,9 @@ func (l *Logger) log(level Lvl, format string, args ...interface{}) {
}
} else {
// Text header
- buf.WriteByte(' ')
+ if len(s) > 0 {
+ buf.WriteByte(' ')
+ }
buf.WriteString(message)
}
buf.WriteByte('\n')